Ina Steiner EcommerceBytes Blog
News and insight focusing on ecommerce.
by Ina Steiner, Editor of EcommerceBytes.com
Sat June 15 2013 15:56:29

Yahoo Email Policy Poses Risk to eBay and Etailers

By: Ina Steiner

Sponsored Link

Haven't logged in to your Yahoo email account in the past year? You're at risk of losing the account, as Yahoo is expiring inactive email addresses. But as inconvenient as it may be for users to lose their Yahoo identity, it could also pose a major security risk to users, especially in the world of ecommerce, since Yahoo will give those expired email addresses to someone else - as early as August 15th.

Companies such as eBay allow users to recover their User IDs as long as they have their email address, and then similarly retrieve their passwords. It seems quite feasible that users who signed up to eBay (or other etail sites) with Yahoo email address could find third-parties hijacking their accounts if they haven't signed in to their Yahoo accounts lately.

And since many people use the same password across multiple services, this leaves them vulnerable to multiple account takeovers.

What about services and shopping sites that require users answer security questions to retrieve passwords? In this age of social networking sites, many of the answers to those questions can be easily found on Facebook (in what city were you born, what's the name of your pet, what's the name of your first child,...).

Yahoo is giving inactive accounts only a month to sign in to reactivate their account. If they miss the July 15th deadline, a new user could claim their ID just one month later. We're waiting for a response from Yahoo's public relations department, but it told USA Today that it would shut inactive accounts for 30 days before releasing them to new owners "and will unsubscribe the accounts from commercial e-mail. All incoming e-mails will receive bounce-back messages."

Do companies like eBay, Amazon.com and online merchants automatically deactivate an account if they receive a bounce-back message? It seems hardly likely, and it's not a given that a retailer or marketplace would send all of their users an email between July 15 - August 15 - and some users set their preferences so they don't receive marketing emails from etailers and marketplaces.

Asked about the Yahoo policy on Friday, eBay spokesperson Ryan Moore said, "We're reviewing their actions to determine what, if any, changes need to be made to ensure we maintain a trusted and safe eBay marketplace."

Asked whether eBay removes User IDs after a certain period of inactivity, and if so, what length of time that is, Moore said he would have to get back to me next week, and promised to share further information as it becomes available.

Yahoo Mail doesn't exactly have a sterling reputation when it comes to security. The Telegraph reported at the end of May that BT dumped Yahoo as an email provider to its six million broadband customers "following months of customer complaints over hacking."

A search of Twitter on Saturday shows a surprising number of users complaining that they can't log in to their Yahoo account because it's asking security questions to which they don't know the answer.

An employee of the ecommerce arm of a brick-and-mortar retailer told EcommerceBytes they've been strategizing on how to deal with the security risks Yahoo's new policy is posing, as a number of their customers have signed up with Yahoo email addresses, but the employee would not go on the record.

The problem that expired email addresses pose to sites like eBay isn't a new one, but in the case of Yahoo emails, it promises to be of a scale never seen before. In 2003, we wrote about the a similar danger posed to eBay users.

We'd purchased a domain name that had recently become available after its original owner let the registration expire. After activating the domain and setting up a mailbox, we began to receive hundreds of Spam messages addressed to former employees of the site - over 20 different email addresses in all.

Copying and pasting some of these email addresses into eBay's "Search by Seller" search box allowed us to pull up IDs of people who had previously worked for the site originally owning the domain name. These employees had never bothered to change their contact email address on eBay when the company dissolved.

In its rather perky announcement last week about the new policy, Yahoo wrote, "we want to give our loyal users and new folks the opportunity to sign up for the Yahoo! ID they've always wanted." You can read the full announcement on Yahoo's Tumblr page.




Comments (12) | Leave Comment | Permalink

Readers Comments

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

by: dans parts This user has validated their user name.

Sat Jun 15 18:02:34 2013

Since eBay will now devalue me for ''contacting'' MY customer after the sale to tell them their widget is on the way, I now use the email PayPal sends me to notify me of payment to send them a PERSONAL note (more than eBay's robotic auto email).  That PayPal email has the Buyer's email address as a header, and replies go back to the Buyer.

In the last month, I've had 3 of them bounce.

In other words, eBay does NO policing of expired email addresses.  Never have, as far as I can tell.

So, Ryan - How is that a ''trusted and safe eBay marketplace'' if neither eBay nor I can get hold of these people?

Like we're going to get a real answer...

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

by: Susan Averello This user has validated their user name.

Sat Jun 15 18:15:51 2013

I received an enail about that - I have a yahoo email only because of yahoo groups - I needed a yahoo id - I needed that for group and flickr - will they be affected by this? I never used yahoo's email but it is the same as the id, so then what

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

This user has validated their user name. by: Ric

Sat Jun 15 18:51:38 2013

"
Asked whether eBay removes User IDs after a certain period of inactivity, and if so, what length of time that is, Moore said he would have to get back to me next week, and promised to share further information as it becomes available."

I am betting that no one from eBay responds to this, hence the delay into next week.

eBay never discloses how many individuals are signed up, they only discuss account statistics. If they ever checked their membership, they would find far fewer actual "members" than they consistently claim given that a single individual may have multiple accounts.

eBay constantly makes statements about new accounts and the increase in membership. This alleged growth most certainly includes hundreds of thousands of dead accounts which eBay keeps on their books to prop up their inflated membership claims.

If eBay ever chose to deactivate those dead accounts, they would lose the ability to brag about membership growth.

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

This user has validated their user name. by: Ming the Merciless

Sat Jun 15 21:24:01 2013

Ebafia doesn't remove IDs; they sell them to corporations that want them.

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

by: dans parts This user has validated their user name.

Sat Jun 15 22:47:21 2013

Sigh.

Two orders total shipped out today.

One with bounced email address...

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

This user has validated their user name. by: askalice59

Mon Jun 17 01:17:10 2013

eBay is definitely recycling user ID's.

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

by: Sierra This user has validated their user name.

Mon Jun 17 07:46:25 2013

Susan, that's a really good question! I run a decent-sized local Yahoo group, so if Yahoo closes the accounts of people who don't look at their Yahoo email EVEN THOUGH they are active with that ID in other ways,  that's really going to stink.

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

by: PowerSeller2007 This user has validated their user name.

Mon Jun 17 11:02:20 2013

Yahoo mail absolutely not suited for e-commerce.  Years ago, Yahoo started a campaign to force Yahoo Mail account holders to pay fees.  So I moved out my ebay and Paypal out of Yahoo mail.

At that time, Yahoo would tag my outgoing emails spamming.  When I reported the problem, Yahoo mail support said that only paid subscribers would have harass-free account.  Every 10 emails I sent, Yahoo mail would give me a timed out.  Yahoo absolutely violated my TRUST to Yahoo Mail.  

Like ebay, thousands of honest sellers and buyers stop using ebay due to some forms of harassment, greeds and manipulation.

So, I think, Yahoo's continued threat and harassment for non-paying Yahoo Mail business holders continues.

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

by: Gina This user has validated their user name.

Mon Jun 17 11:59:16 2013

and, with no way to contact Yahoo Mail, how will we discover which accounts we may have used in years past?
anyone who uses Yahoo Mail for business is just not very smart.  Internet-based email services lose email, delay email, and are highly unpredictable... as this move shows!

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

by: PowerSeller2007 This user has validated their user name.

Mon Jun 17 14:13:17 2013

@Gina.
  Please advise the smart way.

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

by: PowerSeller2007 This user has validated their user name.

Mon Jun 17 15:13:50 2013

@Gina.
  Is using gmail or hotmail smart?  

I definitely know using ebay message is WORST and dumbest.

Using @comcast is outright stupid.
If you switch service provider, you don't want to be disconnected.  Also, comcast has not earned my trust.

Not all people has a domain.  And these are not safe to handle any mail and NOT to mention huge volume of mail traffice.   If you down scale, you will have to baggage to keep paying for the URL and hosting fee.

Perminate Link for Yahoo Email Policy Poses Risk to eBay and Etailers   Yahoo Email Policy Poses Risk to eBay and Etailers

by: Patricia This user has validated their user name.

Tue Jun 25 15:31:26 2013

For business I use the email that my ISP offers.  I've never had a problem.



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.