I sign up for a service using my Yahoo email account.
I don't use my Yahoo account for a year.
Someone gains access to my email address.
That person enters my email address into a forgot password field.
Boom. They now have access to my service.
It's a valid scenario, but I was starting to think quite unlikely. If I get a new jrandom@yahoo.com address, I would have to know who that account used to belong to and on which online services it might have been used. If I'm in Boston and the old "jrandom" was in Atlanta, I'd have to first figure that out and then figure out what bank he used, and be lucky enough that he had not updated his email there. And websites like banks and other financial services require more than just an email address to get a password reset. You need to answer some "secret questions" etc.
But I grew up before Facebook and other social networking fads. I still don't use those services. So I sometimes forget how easy it is to get a very good life history on someone by just searching their email address, very possibly including the answers to typical "secret questions" like your pet's name, where you went to elementary school, etc. and maybe I can even get some clues about what bank they use.
So it really might not be too far-fetched a concern. Still, I think it somewhat unlikely that an email account tied to a lot of social networking activity is itself going to be dormant. But it's possible. Maybe the person has the account forwarded to another address and never logs in directly. Would that count as "dormant"?
Before issuing an account, Yahoo themselves should be sure it's not forwarded, and search for any associated internet content, especially on social media. If an account has not been used in years, AND internet searches for that account turn up nothing, it might be safe to reissue it.
A lot of websites send "monthly newsletter from <site>.com" type emails. Ironically, it's the avoidance of such emails that often causes people to use throwaway Yahoo accounts.
Once these start appearing in the inbox, the new owner can just do a password reset on these sites.
"It's a valid scenario, but I was starting to think quite unlikely. If I get a new jrandom@yahoo.com address, I would have to know who that account used to belong to and on which online services it might have been used. If I'm in Boston and the old "jrandom" was in Atlanta, I'd have to first figure that out and then figure out what bank he used, and be lucky enough that he had not updated his email there. And websites like banks and other financial services require more than just an email address to get a password reset. You need to answer some "secret questions" etc."
It's not that hard, actually, considering that most websites you sign up for send periodic marketing emails. You're the new owner, you get a marketing email addressed at the old owner, hit the "forgot my password" link, and you have ownership of the account.
I just reactivated my old Yahoo email account to prevent this scenario.
I was hoping they had retained all my old emails so I could go through and find any exposures. Unfortunately, once an account is deactivated, the emails are gone - even if you log back in with the same password. Deleting the emails from the dormant account is probably the right thing to do, but it makes it impossible to see what sites I may have used the Yahoo email account to register with.
I sign up for a service using my Yahoo email account. I don't use my Yahoo account for a year. Someone gains access to my email address. That person enters my email address into a forgot password field. Boom. They now have access to my service.
As another poster stated, the mind boggles.