Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Yahoo! Security IT Technology

Deleting Your Yahoo Email Account? Yeah, Good Luck With That (zdnet.com) 101

In the wake of security breach revelations, many of you might have considered deleting your Yahoo account. Many of you might be thinking about doing so soon. Heads up, it turns out, deleting a Yahoo email account isn't as straightforward as you may have imagined, and you again have Yahoo to blame for that. From a report on ZDNet: Several Yahoo users, who last year decided to leave the service, told us that their accounts remained open for weeks or months after the company said they would be closed. David Clarke was one of those departing users, whose dormant account was slowly accumulating junk over the past few years. "This was an ancient email I had set up, had no personal data in it anymore and had a unique password," writing about his troubles on Medium. "But it's a part of my digital footprint that I no longer required and decided, given the horrible security practices going on at Yahoo, to vote with my account and have it removed." Yahoo makes the account deletion process straightforward enough, but users have to wait "in most cases... approximately 90 days" for the account to close. The company says this is to "discourage users from engaging in fraudulent activity." On day 91, Clarke logged back into his account to find that it was still active. Unbeknownst to him, logging back in simply to check would reset the clock back to zero. "Yahoo confirmed via email yesterday if you access your account it resets the timer," he told me. "So, if you login to ensure your account has been deleted and it hasn't, you have to wait at least another 90 days."
This discussion has been archived. No new comments can be posted.

Deleting Your Yahoo Email Account? Yeah, Good Luck With That

Comments Filter:
  • Send it an email? (Score:5, Interesting)

    by MarcAuslander ( 517215 ) on Friday February 17, 2017 @04:51PM (#53888633) Homepage

    I wonder if checking by seeing if an email to it bounces would "reset" the timer. Because if so, spam will keep it open forever!

    • by ShanghaiBill ( 739463 ) on Friday February 17, 2017 @05:03PM (#53888709)

      I wonder if checking by seeing if an email to it bounces would "reset" the timer. Because if so, spam will keep it open forever!

      No. Receiving email does not reset the timer. But I am confused about why people care if the account is open. If they are no longer using the account, and it contains no personal information, then it is just a spam sink, wasting space on Yahoo's disk farm, but otherwise doing nothing and harming no one.

      • by Anonymous Coward on Friday February 17, 2017 @05:11PM (#53888765)

        Also note that e-mail accounts never die.
        They just can not really die and disappear.
        If it was possible, then after disappearance,
        someone else could create the exact same
        named email-account, and appear to be you.

        E-mail accounts can never really go away.

        • Unless you are Yahoo
          In which case fuck it
        • by Hognoxious ( 631665 ) on Friday February 17, 2017 @06:19PM (#53889229) Homepage Journal

          Worst haiku ever!

          • by Anonymous Coward

            I've seen verse...

        • What kind of BS is this? ISPs do reassign email accounts. What you say may be true for yahoo, but most ISP provided email, once its deleted, its deleted and someone else can re register it. Its really up to you to change your contacts and let them know about the switch. Email was never designed to be a secure medium and has no identity matching at all.

          Perhaps web mail companies are different, but they surely do not represent all mail servers out there.

          • Funnily enough (no, not really), I can't delete my Yahoo! account or even set it dormant because my ISP (BT) had / has an agreement with Yahoo! to provide email for domestic users going back to the end of the 90s. Even though my primary contact registered with BT hasn't been this address for well over a decade, because it was the original I signed up with it can't be deactivated because reasons.

            The "don't log in for 90 days" trick doesn't work with this account. I hadn't accessed it in five years. Fortunate

        • Re: (Score:3, Informative)

          by Anonymous Coward

          Also note that e-mail accounts never die.
          They just can not really die and disappear.
          If it was possible, then after disappearance,
          someone else could create the exact same
          named email-account, and appear to be you.

          E-mail accounts can never really go away.

          Burma Shave.

        • So... They're just like post office boxes, on which the system was modeled, or street addresses. In both of those cases, someone else can get your address after you leave and communicate in your name!

          While getting your own domain is significantly easier than getting your own post office or private street, the effect is still the same. Those are the only ways to reliably use their respective addresses as identities.

        • Would it be possible for a fee, that they could give you an officially deceased account paper letter? Could that way assure that other's could not use your account to steal?
      • by Sebby ( 238625 )

        But I am confused about why people care if the account is open. If they are no longer using the account, and it contains no personal information, then it is just a spam sink, wasting space on Yahoo's disk farm, but otherwise doing nothing and harming no one.

        This particular user in the story doesn't care, but others will (where they do want the account to die, so it cannot be abused/accessed through future inevitable breaches). Knowing that someone else has successfully done so is valuable to know, more valuable then Yahoo's stock!

        • Mmm, but if you give up your email address, someone else can grab it, then they can accumulate any potential private emails coming to that address which itself is s breach. If you have any thought that private data might come to an address you are better off keeping it.

          • Um, no.
            The e-mail address can be parked, in other words marked as inactive. All e-mails sent to it would bounce as if it doesn't exist, and all attempts to create an identical one would fail as if it does exist.

      • Your yahoo email address is also your yahoo identity used to sign into every service they have which isn't many these days. Gone are the chat rooms, yahoo messenger probably just as dead yahoo games and so on. that may be why they care, seems dumb to be but its the world we live in today...i have a few old yahoo email addresses i closed never looked back made sure nothing was in them before i did though.
      • by taustin ( 171655 )

        Ever tell someone that you've changed email addresses, and they just won't stop using the old one? If they don't eventually get bounce messages, they will never switch to the new one.

        (Personally, I consider these people too stupid to email me, but it bothers some.)

      • by AK Marc ( 707885 )

        But I am confused about why people care if the account is open.

        They had the account for years. It has some personal or sensitive data in it. Yahoo keeps getting haked. So delete the account and keep your data safe (by losing it forever). Except you can't keep the data out of the hands of the hackers. By design.

        Do you have a better idea now of why someone would want an account on an insecure provider more secure?

        • They had the account for years. It has some personal or sensitive data in it.

          Then delete the personal and sensitive data. That doesn't require closing the account, and closing the account doesn't necessarily mean affiliated data is deleted. So why should anyone care if the account is closed?

          • by AK Marc ( 707885 )
            A hacker with a username/password list for the site can't get to your deleted data if the account is closed. So closing the account is more secure than leaving it open and deleting everything. And deleting doesn't always work, but that's a separate issue.
    • I was just about to suggest this.

  • I heard worse... (Score:5, Insightful)

    by XSportSeeker ( 4641865 ) on Friday February 17, 2017 @04:54PM (#53888657)

    Though I have no way of confirming this nor I know if it's completely true, but I heard that it's not a good idea deleting your account at all.
    The reasoning is that once your account gets completely deleted, it becomes available once again for whoever gets it, so it could end up in impersonation if it was an account that you used frequently.

    I've kept mine but ceased all activities on it and deleted everything in there, while also replacing my password with a 20+ alphanumeric random thing.

    • by Anonymous Coward

      Though I have no way of confirming this nor I know if it's completely true, but I heard that it's not a good idea deleting your account at all.
      The reasoning is that once your account gets completely deleted, it becomes available once again for whoever gets it, so it could end up in impersonation if it was an account that you used frequently.

      I've kept mine but ceased all activities on it and deleted everything in there, while also replacing my password with a 20+ alphanumeric random thing.

      100% right. Reclamation - https://www.wired.com/2013/06/yahoos-very-bad-idea/

    • Re:I heard worse... (Score:5, Informative)

      by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Friday February 17, 2017 @05:13PM (#53888791) Homepage Journal

      I linked this elsewhere, but again to make sure it gets seen: yes, purge your account of all data [honeypot.net], but don't delete it because Yahoo reserves the right to give your old address so someone else.

    • Yeah, I just set an extremely long and random password, set up 2FA and made sure the account wasn't used anywhere else as a secondary e-mail. Then I promptly "forgot" all the information.

      I doubt anyone will ever be able to log in again... and if Yahoo wants to hold a ton of spam... well, that's on them.

  • by mccrew ( 62494 ) on Friday February 17, 2017 @05:03PM (#53888713)
    The merger with Verizon got in real trouble with the latest round of security revelations. While there are good reasons to have a delayed delete, this may be a case of keeping the active user count artificially high in order to keep the merger on track. The whole goal of the merger is to get access to (what remains of) the Y! user base, and letting everyone get away before the it closes just devalues the deal and makes Verizon look like a chump.
    • this may be a case of keeping the active user count artificially high in order to keep the merger on track.

      I should also still have a Yahoo account. It's been a few years since I logged in; way longer since I checked my e-mail there. Created 15+ years ago, never actively used. If this "delayed delete" is a way of keeping the "active" user count up (i.e. number of registered and not-deleted accounts), it's a total fraud from Yahoo's side, as it'll for sure also add inactive accounts like mine, in that case.

  • by Kergan ( 780543 ) on Friday February 17, 2017 @05:03PM (#53888715)

    According to their Help articles they purge inactive accounts anyway:

    https://help.yahoo.com/kb/SLN2... [yahoo.com]

    • I somehow doubt that Yahoo would still have over 1 billion accounts to be compromised if this was actually happening.

    • by allo ( 1728082 )

      There is the solution: abuse your account and they delete it.

    • Yeah... I call bullshit.

      I had an old Yahoo account that has definitely been inactive for over 5 years. I just tried to log in, and it tried to send a validation code (good?) to a Hotmail address that I haven't used in even longer than that. That Hotmail account appears to have been properly deleted and re-registered (by someone whose security questions are in a different language than I would have used).

  • by gQuigs ( 913879 ) on Friday February 17, 2017 @05:05PM (#53888729) Homepage

    If you try logging in you reset the counter.

    https://www.facebook.com/help/... [facebook.com]

  • by mmell ( 832646 ) on Friday February 17, 2017 @05:06PM (#53888739)
    Yahoo has a vested interest in making sure they're serving as many email accounts and hosting as many web pages as possible. They all represent resources, and that's important when it comes to reselling a business unit or the entire company.

    I've repeatedly pointed out that they seem to ignore emails to "abuse@yahoo.com", and if you're a non-Yahoo recipient of spam from the Yahoo domain you have to surf out to this incredibly complex URL [yahoo.com], manually separate the message header from the body and solve a CAPTCHA to report it. They may not be getting paid directly by the spammers, but the web traffic a spammer creates to use a compromised account web page to kick off a PHP-based spam campaign from Yahoo's email domain looks good on the books. It's evidence that Yahoo's hosted web servers and Yahoo's hosted email solution are heavily used and relevant. The fact that they aren't really something Yahoo can monetize doesn't get mentioned, just "Hey, look how relevant we are!".

    You know, Hotmail (and presumably Live email) also impose a "ninety day cooloff" period on account cancellations. Hotmail/Live at least accept and act on emails sent to their abuse address, while Yahoo doesn't.

  • Yahoo re-issues email addresses after they've been deleted. Are you absolutely 100% certain you haven't used that account as the password reset address for anything else? If so, go ahead (so long as you don't mind someone else having your username). If there's any chance at all that your old Yahoo address's new owner could reset your Facebook password, for instance, then purge your Yahoo account [honeypot.net] instead.

    Yes, everything to do with Yahoo is a travesty. Why do you ask?

    • "Yahoo re-issues email addresses after they've been deleted."

      Yes and the city *gasp* re-uses home addresses when people move! And -- get a load of this - the phone company re-uses telephone numbers when you cancel your account! It's almost like people should be responsible for updating their own contact information!
      Nah thats crazy talk...

      I would think that slashdot re-uses UIDs for a 4 digit to have made such a pathetically fear mongering post such as this. Obviously mailservers re-use email addresses if a

      • the phone company re-uses telephone numbers when you cancel your account!

        And too quickly, too. Especially when they're terminated for non-payment, meaning that the number's owner was likely to owe on collections to a dozen companies or so. I wish you could pay extra to get a number that's been dead for longer.

        And if you tell a collections caller that you aren't who they're trying to reach, they're legally obligated not to call you anymore....Yeah, they don't believe you. That's what the person who owes the money would say to get the calls to stop, too.

      • Meanwhile, back in reality you listed things that are naturally scarce. There are only so many phone numbers to go around. Google has an explicit policy against reuse [google.com], as do all other responsible providers. Yahoo is the exception here, not the rule.
      • almost like people should be responsible for updating their own contact information! Nah thats crazy talk...

        This! Most of the postal mail that I get are addressed to former tenants. Including some from the DMV.

    • Uh, I deleted my yahoo account months ago, after these reports. I know that the account was deleted, b'cos I access my emails thru Thunderbird, and the day I deleted it, I couldn't access my past emails on Thunderbird: it kept prompting me for a password (which of course wouldn't exist since the account was no longer active)

      In the 90s, I had a hotmail account, which I just stopped using for years, and 2 years ago, I applied to get that same email, and got it. None of my old emails were there.

  • I know no one having one. I only read about it in news outlets that such thing exists. In doubt transfer all your data, change the password and delete the configuration in your email clients.

  • by mspohr ( 589790 ) on Friday February 17, 2017 @05:43PM (#53889015)

    It's there... and it's not... but don't look.

  • by ctilsie242 ( 4841247 ) on Friday February 17, 2017 @05:54PM (#53889079)

    This isn't just Yahoo... Facebook does similar, and I wouldn't be surprised that other sites do the same thing. The info they have on you is an asset.

  • It's possible that a man could have done an equally bad - or even worse - job. So stop it, all of you.

    (AmiMoJo has the painters in - Ed)

  • Purge all confidential data from your account, reset your password to something like "1lovespam" and post the username and password randomly around the internet until someone takes it over and starts spamming.

    Yahoo will delete it down for you.
  • Do they actually delete the account and black list the user name? So no one else could use it? I got the impression they just delete your data, but if I were to come by and try to take your username I could. What if there was some sensitive info still being sent to your yahoo account?

  • I changed my email address a few years back and never updated my Yahoo account so I'm good. I don't use web based email anyway.
  • I know it's traditional to bemoan the communal braindeath of Slashdot, but surely it's remarkably poor performance to get 100 comments and over a week into the discussion without one person bringing up Doc Daneeka's most famous line :

    "That's some catch, that Catch-22," [Yossarian] observed.
    "It's the best there is," Doc Daneeka agreed.

    Sighs ; shakes head. O tempora, o mores!

If you fail to plan, plan to fail.

Working...