New reports claim that Yahoo email addresses reassigned to a new owner are receiving personal emails intended for the previous owner.
One user told news website Information Week that he had received emails with some highly sensitive information in them.
In June the company announced Yahoo addresses and IDs would be reassigned if they had been inactive for a year.
Privacy experts called on Yahoo to address the issue “immediately”. Yahoo says it has taken a series of measures to overcome privacy and security fears.
“Before recycling inactive accounts we attempted to reach the account owners [in] multiple ways to notify them that they needed to log in to their account or it would be subject to recycling,” said a Yahoo representative.
“We took many precautions to ensure this was done safely – including deleting any private data from the previous account owner, sending bounce-backs to the senders for at least 30-60 days letting them know the account no longer existed and unsubscribing the accounts from commercial mail.”
It is also in the process of rolling out a feature called “Not My Email” where users can report an email that is not intended for them.
The process will come as little comfort to the previous owner of an email account now owned by Tom Jenkins, an IT security professional.
Tom Jenkins told Information Week: “I can gain access to their Pandora account [online radio] but I won’t. I can gain access to their Facebook account, but I won’t. I know their name, address and phone number. I know where their child goes to school. I know the last four digits of their social security number. I know they had an eye doctor’s appointment last week and I was just invited to their friend’s wedding.”
Other users have revealed that they have also received messages that contain personally identifiable information.
“I recommend logging into your Yahoo account every six months or so in order to ensure that you retain control over it,” said security expert Lee Munson.
Privacy experts said that the issues were inevitable.
“These problems were flagged by security and privacy experts a few months ago when Yahoo announced their intention to recycle old emails, and cautioned that Yahoo’s plan created significant security and privacy risks. Yahoo downplayed these risks, and ignored critics, but now we see these concerns were legitimate,” said Mike Rispoli, spokesman for Privacy International.
“This email recycling scheme, an effort to re-engage old users and attract new ones, is resulting in some of our most intimate data being accessed by someone we don’t know and without our knowledge.
“We’re talking about account passwords, contacts for friends and families, medical records – this issue needs to be addressed immediately by Yahoo if they care about the privacy of their users and want them to trust the company with sensitive information.”