Yahoo's plan to recycle old user IDs has prompted some concern among security experts who fear hackers could take advantage. But Yahoo says their fears are unfounded.
Speaking to Reuters in an interview published on Thursday, Yahoo senior director for consumer platforms, Dylan Casey, said that he's "aware" of the concerns over identity theft, but his company has "gone through a bunch of different steps to mitigate that concern."
Yahoo announced last week that it's resetting all user IDs that have been inactive over the last 12 months starting in July. The company has said that its users should be able to access whatever usernames they want, and not be forced to add a bunch of numbers after their names because someone who hasn't used the service for years has staked claim to an easier username.
- Yahoo buys Vizify, firm that visualizes social-media data
- Yahoo to require Yahoo ID; no more Facebook or Google logins
- Yahoo testing app-install ads similar to Facebook's
- Yahoo taps TrustyCon co-founder Alex Stamos for chief information security officer
- Yahoo, ICQ chats still vulnerable to government snoops
Security experts, however, have cautioned that the idea could lead to identity theft. Hackers could swallow up user IDs that match those found elsewhere across the Web, and use the credentials to take over an unsuspecting user's accounts elsewhere. One example being bandied about is the possibility of a hacker acquiring a Yahoo e-mail address that's linked to a person's Gmail account. By requesting a new password, they could then gain access to the victim's Google account.
Despite Casey's attempts to allay some fears, he was unable to say with "100 percent certainty that it's absolutely impossible for anything to happen." Still, he said that his company has gone to "extraordinary lengths to ensure that nothing bad happens to our users."