Slashdot Mirror

← Back to Stories (view on slashdot.org)

Deleting Your Yahoo Email Account? Yeah, Good Luck With That (zdnet.com)

Posted by msmash on from the not-letting-go dept.

In the wake of security breach revelations, many of you might have considered deleting your Yahoo account. Many of you might be thinking about doing so soon. Heads up, it turns out, deleting a Yahoo email account isn't as straightforward as you may have imagined, and you again have Yahoo to blame for that. From a report on ZDNet: Several Yahoo users, who last year decided to leave the service, told us that their accounts remained open for weeks or months after the company said they would be closed. David Clarke was one of those departing users, whose dormant account was slowly accumulating junk over the past few years. "This was an ancient email I had set up, had no personal data in it anymore and had a unique password," writing about his troubles on Medium. "But it's a part of my digital footprint that I no longer required and decided, given the horrible security practices going on at Yahoo, to vote with my account and have it removed." Yahoo makes the account deletion process straightforward enough, but users have to wait "in most cases... approximately 90 days" for the account to close. The company says this is to "discourage users from engaging in fraudulent activity." On day 91, Clarke logged back into his account to find that it was still active. Unbeknownst to him, logging back in simply to check would reset the clock back to zero. "Yahoo confirmed via email yesterday if you access your account it resets the timer," he told me. "So, if you login to ensure your account has been deleted and it hasn't, you have to wait at least another 90 days."

55 of 101 comments (clear)

  1. Send it an email? by MarcAuslander · · Score: 5, Interesting

    I wonder if checking by seeing if an email to it bounces would "reset" the timer. Because if so, spam will keep it open forever!

    1. Re:Send it an email? by ShanghaiBill · · Score: 4, Insightful

      I wonder if checking by seeing if an email to it bounces would "reset" the timer. Because if so, spam will keep it open forever!

      No. Receiving email does not reset the timer. But I am confused about why people care if the account is open. If they are no longer using the account, and it contains no personal information, then it is just a spam sink, wasting space on Yahoo's disk farm, but otherwise doing nothing and harming no one.

    2. Re: Send it an email? by Anonymous Coward · · Score: 5, Interesting

      Also note that e-mail accounts never die.
      They just can not really die and disappear.
      If it was possible, then after disappearance,
      someone else could create the exact same
      named email-account, and appear to be you.

      E-mail accounts can never really go away.

    3. Re:Send it an email? by Sebby · · Score: 2

      But I am confused about why people care if the account is open. If they are no longer using the account, and it contains no personal information, then it is just a spam sink, wasting space on Yahoo's disk farm, but otherwise doing nothing and harming no one.

      This particular user in the story doesn't care, but others will (where they do want the account to die, so it cannot be abused/accessed through future inevitable breaches). Knowing that someone else has successfully done so is valuable to know, more valuable then Yahoo's stock!

      --

      AC comments get piped to /dev/null
    4. Re:Send it an email? by Stan92057 · · Score: 2

      Your yahoo email address is also your yahoo identity used to sign into every service they have which isn't many these days. Gone are the chat rooms, yahoo messenger probably just as dead yahoo games and so on. that may be why they care, seems dumb to be but its the world we live in today...i have a few old yahoo email addresses i closed never looked back made sure nothing was in them before i did though.

      --
      Jack of all trades,master of none
    5. Re:Send it an email? by taustin · · Score: 2

      Ever tell someone that you've changed email addresses, and they just won't stop using the old one? If they don't eventually get bounce messages, they will never switch to the new one.

      (Personally, I consider these people too stupid to email me, but it bothers some.)

    6. Re:Send it an email? by BlueCoder · · Score: 1

      I was just about to suggest this.

    7. Re:Send it an email? by AK+Marc · · Score: 2

      But I am confused about why people care if the account is open.

      They had the account for years. It has some personal or sensitive data in it. Yahoo keeps getting haked. So delete the account and keep your data safe (by losing it forever). Except you can't keep the data out of the hands of the hackers. By design.

      Do you have a better idea now of why someone would want an account on an insecure provider more secure?

      --
      Learn to love Alaska
    8. Re:Send it an email? by countach · · Score: 1

      Mmm, but if you give up your email address, someone else can grab it, then they can accumulate any potential private emails coming to that address which itself is s breach. If you have any thought that private data might come to an address you are better off keeping it.

    9. Re: Send it an email? by Just+Some+Guy · · Score: 1

      Unless you are Yahoo
      In which case fuck it

      --
      Dewey, what part of this looks like authorities should be involved?
    10. Re: Send it an email? by Hognoxious · · Score: 5, Funny

      Worst haiku ever!

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    11. Re:Send it an email? by war4peace · · Score: 2

      Um, no.
      The e-mail address can be parked, in other words marked as inactive. All e-mails sent to it would bounce as if it doesn't exist, and all attempts to create an identical one would fail as if it does exist.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    12. Re: Send it an email? by shumacher · · Score: 2

      Yeah, actually.

      Yahoo’s Very Bad Idea to Release Email Addresses | WIRED

    13. Re:Send it an email? by ShanghaiBill · · Score: 2

      They had the account for years. It has some personal or sensitive data in it.

      Then delete the personal and sensitive data. That doesn't require closing the account, and closing the account doesn't necessarily mean affiliated data is deleted. So why should anyone care if the account is closed?

    14. Re: Send it an email? by citylivin · · Score: 2

      What kind of BS is this? ISPs do reassign email accounts. What you say may be true for yahoo, but most ISP provided email, once its deleted, its deleted and someone else can re register it. Its really up to you to change your contacts and let them know about the switch. Email was never designed to be a secure medium and has no identity matching at all.

      Perhaps web mail companies are different, but they surely do not represent all mail servers out there.

      --
      As a potential lottery winner, I totally support tax cuts for the wealthy
    15. Re: Send it an email? by mrbester · · Score: 2

      Funnily enough (no, not really), I can't delete my Yahoo! account or even set it dormant because my ISP (BT) had / has an agreement with Yahoo! to provide email for domestic users going back to the end of the 90s. Even though my primary contact registered with BT hasn't been this address for well over a decade, because it was the original I signed up with it can't be deactivated because reasons.

      The "don't log in for 90 days" trick doesn't work with this account. I hadn't accessed it in five years. Fortunately I'd set all mail to be marked as spam (if it wasn't already) before I left it alone all those years and the size of that folder was astonishing.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    16. Re: Send it an email? by Anonymous Coward · · Score: 3, Informative

      Also note that e-mail accounts never die.
      They just can not really die and disappear.
      If it was possible, then after disappearance,
      someone else could create the exact same
      named email-account, and appear to be you.

      E-mail accounts can never really go away.

      Burma Shave.

    17. Re: Send it an email? by Sarten-X · · Score: 2

      So... They're just like post office boxes, on which the system was modeled, or street addresses. In both of those cases, someone else can get your address after you leave and communicate in your name!

      While getting your own domain is significantly easier than getting your own post office or private street, the effect is still the same. Those are the only ways to reliably use their respective addresses as identities.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    18. Re: Send it an email? by Anonymous Coward · · Score: 1

      I've seen verse...

    19. Re: Send it an email? by Alumoi · · Score: 2

      If you aren't paying for the service, you are the product, not the customer. Expect to be SOLD

      And if you're paying for the service, you are the idiot product who pays for having his information being sold.

    20. Re:Send it an email? by AK+Marc · · Score: 1

      A hacker with a username/password list for the site can't get to your deleted data if the account is closed. So closing the account is more secure than leaving it open and deleting everything. And deleting doesn't always work, but that's a separate issue.

      --
      Learn to love Alaska
    21. Re: Send it an email? by AK+Marc · · Score: 1

      But it does prevent remote access to that data. Sure, some Yahoo employe may still be able to dredge up something, but a hacker with the username/password for the account couldn't even log in.

      --
      Learn to love Alaska
  2. I heard worse... by XSportSeeker · · Score: 4, Insightful

    Though I have no way of confirming this nor I know if it's completely true, but I heard that it's not a good idea deleting your account at all.
    The reasoning is that once your account gets completely deleted, it becomes available once again for whoever gets it, so it could end up in impersonation if it was an account that you used frequently.

    I've kept mine but ceased all activities on it and deleted everything in there, while also replacing my password with a 20+ alphanumeric random thing.

    1. Re:I heard worse... by Anonymous Coward · · Score: 1

      Though I have no way of confirming this nor I know if it's completely true, but I heard that it's not a good idea deleting your account at all.
      The reasoning is that once your account gets completely deleted, it becomes available once again for whoever gets it, so it could end up in impersonation if it was an account that you used frequently.

      I've kept mine but ceased all activities on it and deleted everything in there, while also replacing my password with a 20+ alphanumeric random thing.

      100% right. Reclamation - https://www.wired.com/2013/06/yahoos-very-bad-idea/

    2. Re:I heard worse... by Just+Some+Guy · · Score: 4, Informative

      I linked this elsewhere, but again to make sure it gets seen: yes, purge your account of all data, but don't delete it because Yahoo reserves the right to give your old address so someone else.

      --
      Dewey, what part of this looks like authorities should be involved?
    3. Re:I heard worse... by Just+Some+Guy · · Score: 1

      Bad time to remember that you used midgetpornaficionado385@yahoo.com as the recovery account for normal-name@hotmail.com, which is the recovery account you used when you signed up for Gmail so many years ago and then forgot about.

      --
      Dewey, what part of this looks like authorities should be involved?
    4. Re:I heard worse... by The-Ixian · · Score: 2

      Yeah, I just set an extremely long and random password, set up 2FA and made sure the account wasn't used anywhere else as a secondary e-mail. Then I promptly "forgot" all the information.

      I doubt anyone will ever be able to log in again... and if Yahoo wants to hold a ton of spam... well, that's on them.

      --
      My eyes reflect the stars and a smile lights up my face.
    5. Re:I heard worse... by antdude · · Score: 1

      And I bet they have backups of your datas too. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  3. It's all about the merger by mccrew · · Score: 4, Informative

    The merger with Verizon got in real trouble with the latest round of security revelations. While there are good reasons to have a delayed delete, this may be a case of keeping the active user count artificially high in order to keep the merger on track. The whole goal of the merger is to get access to (what remains of) the Y! user base, and letting everyone get away before the it closes just devalues the deal and makes Verizon look like a chump.

    --
    Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
    1. Re:It's all about the merger by Hognoxious · · Score: 4, Funny

      I should of stayed for the free classes

      Your 100% wright their.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    2. Re:It's all about the merger by wvmarle · · Score: 1

      this may be a case of keeping the active user count artificially high in order to keep the merger on track.

      I should also still have a Yahoo account. It's been a few years since I logged in; way longer since I checked my e-mail there. Created 15+ years ago, never actively used. If this "delayed delete" is a way of keeping the "active" user count up (i.e. number of registered and not-deleted accounts), it's a total fraud from Yahoo's side, as it'll for sure also add inactive accounts like mine, in that case.

  4. Why were the accounts around to begin with? by Kergan · · Score: 2

    According to their Help articles they purge inactive accounts anyway:

    https://help.yahoo.com/kb/SLN2...

    1. Re:Why were the accounts around to begin with? by The-Ixian · · Score: 2

      I somehow doubt that Yahoo would still have over 1 billion accounts to be compromised if this was actually happening.

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:Why were the accounts around to begin with? by allo · · Score: 1

      There is the solution: abuse your account and they delete it.

    3. Re:Why were the accounts around to begin with? by Sarten-X · · Score: 2

      Yeah... I call bullshit.

      I had an old Yahoo account that has definitely been inactive for over 5 years. I just tried to log in, and it tried to send a validation code (good?) to a Hotmail address that I haven't used in even longer than that. That Hotmail account appears to have been properly deleted and re-registered (by someone whose security questions are in a different language than I would have used).

      --
      You do not have a moral or legal right to do absolutely anything you want.
  5. Facebook has the exact same policy by gQuigs · · Score: 4, Informative

    If you try logging in you reset the counter.

    https://www.facebook.com/help/...

  6. Because those accounts are assets. by mmell · · Score: 4, Informative
    Yahoo has a vested interest in making sure they're serving as many email accounts and hosting as many web pages as possible. They all represent resources, and that's important when it comes to reselling a business unit or the entire company.

    I've repeatedly pointed out that they seem to ignore emails to "abuse@yahoo.com", and if you're a non-Yahoo recipient of spam from the Yahoo domain you have to surf out to this incredibly complex URL, manually separate the message header from the body and solve a CAPTCHA to report it. They may not be getting paid directly by the spammers, but the web traffic a spammer creates to use a compromised account web page to kick off a PHP-based spam campaign from Yahoo's email domain looks good on the books. It's evidence that Yahoo's hosted web servers and Yahoo's hosted email solution are heavily used and relevant. The fact that they aren't really something Yahoo can monetize doesn't get mentioned, just "Hey, look how relevant we are!".

    You know, Hotmail (and presumably Live email) also impose a "ninety day cooloff" period on account cancellations. Hotmail/Live at least accept and act on emails sent to their abuse address, while Yahoo doesn't.

  7. Do NOT delete your account! It's a security risk! by Just+Some+Guy · · Score: 4, Informative

    Yahoo re-issues email addresses after they've been deleted. Are you absolutely 100% certain you haven't used that account as the password reset address for anything else? If so, go ahead (so long as you don't mind someone else having your username). If there's any chance at all that your old Yahoo address's new owner could reset your Facebook password, for instance, then purge your Yahoo account instead.

    Yes, everything to do with Yahoo is a travesty. Why do you ask?

    --
    Dewey, what part of this looks like authorities should be involved?
  8. Re:or... by Hognoxious · · Score: 2

    Just check its twitter feed.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  9. What is an Yahoo Email Account? by prefec2 · · Score: 1

    I know no one having one. I only read about it in news outlets that such thing exists. In doubt transfer all your data, change the password and delete the configuration in your email clients.

  10. Schrodinger's email by mspohr · · Score: 4, Funny

    It's there... and it's not... but don't look.

    --
    I don't read your sig. Why are you reading mine?
  11. Re:Deleting your post by PPH · · Score: 1

    Don't forget. You're here forever.

    --
    Have gnu, will travel.
  12. This is par for the course... by ctilsie242 · · Score: 4, Informative

    This isn't just Yahoo... Facebook does similar, and I wouldn't be surprised that other sites do the same thing. The info they have on you is an asset.

  13. Easy solution by darkpixel2k · · Score: 1

    Purge all confidential data from your account, reset your password to something like "1lovespam" and post the username and password randomly around the internet until someone takes it over and starts spamming.

    Yahoo will delete it down for you.

    --
    There's no place like ::1 (I've completed my transition to IPv6)
  14. Re:If you're not paying, YOU are the product by allo · · Score: 1

    [citation needed]

    This is some old maxim, getting boring over time, even when it may be true. But that they retain data is a claim which isn't backed by any sources i would know.

  15. Re:Do NOT delete your account! It's a security ris by citylivin · · Score: 1

    "Yahoo re-issues email addresses after they've been deleted."

    Yes and the city *gasp* re-uses home addresses when people move! And -- get a load of this - the phone company re-uses telephone numbers when you cancel your account! It's almost like people should be responsible for updating their own contact information!
    Nah thats crazy talk...

    I would think that slashdot re-uses UIDs for a 4 digit to have made such a pathetically fear mongering post such as this. Obviously mailservers re-use email addresses if a user is deleted. That's what deleting should mean!

    --
    As a potential lottery winner, I totally support tax cuts for the wealthy
  16. Re:Do NOT delete your account! It's a security ris by omnichad · · Score: 1

    the phone company re-uses telephone numbers when you cancel your account!

    And too quickly, too. Especially when they're terminated for non-payment, meaning that the number's owner was likely to owe on collections to a dozen companies or so. I wish you could pay extra to get a number that's been dead for longer.

    And if you tell a collections caller that you aren't who they're trying to reach, they're legally obligated not to call you anymore....Yeah, they don't believe you. That's what the person who owes the money would say to get the calls to stop, too.

  17. Official Cancellation Document by Neuronwelder · · Score: 1

    Would it be possible for a fee, that they could give you an officially deceased account paper letter? Could that way assure that other's could not use your account to steal?

  18. Re:Do NOT delete your account! It's a security ris by Just+Some+Guy · · Score: 1

    Meanwhile, back in reality you listed things that are naturally scarce. There are only so many phone numbers to go around. Google has an explicit policy against reuse, as do all other responsible providers. Yahoo is the exception here, not the rule.

    --
    Dewey, what part of this looks like authorities should be involved?
  19. Re:Do NOT delete your account! It's a security ris by unixisc · · Score: 1

    Uh, I deleted my yahoo account months ago, after these reports. I know that the account was deleted, b'cos I access my emails thru Thunderbird, and the day I deleted it, I couldn't access my past emails on Thunderbird: it kept prompting me for a password (which of course wouldn't exist since the account was no longer active)

    In the 90s, I had a hotmail account, which I just stopped using for years, and 2 years ago, I applied to get that same email, and got it. None of my old emails were there.

  20. Re:Do NOT delete your account! It's a security ris by unixisc · · Score: 1

    almost like people should be responsible for updating their own contact information! Nah thats crazy talk...

    This! Most of the postal mail that I get are addressed to former tenants. Including some from the DMV.

  21. Re:Exactly this by unixisc · · Score: 1

    You mean you can still log into it? My thing disappeared the day I deleted it - I could no longer log in

  22. Isn't "deleting" your account an even scarier secu by manno · · Score: 1

    Do they actually delete the account and black list the user name? So no one else could use it? I got the impression they just delete your data, but if I were to come by and try to take your username I could. What if there was some sensitive info still being sent to your yahoo account?

  23. Meh... by MerlTurkin · · Score: 1

    I changed my email address a few years back and never updated my Yahoo account so I'm good. I don't use web based email anyway.

  24. This far into the thread without Doc's line ??? by RockDoctor · · Score: 1
    I know it's traditional to bemoan the communal braindeath of Slashdot, but surely it's remarkably poor performance to get 100 comments and over a week into the discussion without one person bringing up Doc Daneeka's most famous line :

    "That's some catch, that Catch-22," [Yossarian] observed.
    "It's the best there is," Doc Daneeka agreed.

    Sighs ; shakes head. O tempora, o mores!

    --
    Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"