Yahoo users who have been hit with notification after notification that their account may have been compromised are ready to give up their accounts. But Yahoo isn’t ready to give up those users. According to a report from ZDNet, the company isn’t deleting accounts despite user requests to do so.
Users of Yahoo Mail, the once-popular and more recently beleaguered web service, have been attempting to close down their accounts for good following a number of massive breaches suffered by the company that have put user information at risk.
However some Yahoo Mail users, like David Clarke—an information technology professional—are claiming Yahoo has been less than anxious to actually delete the accounts.
In a blog post, Clarke noted that when he attempted to rid himself of an old Yahoo email account he had made, he was greeted with a notification that his account wouldn’t be immediately removed. “In most cases your account will be deactivated and then deleted from our user registration database in approximately 90 days,” the message read.
Yahoo claims the delayed removal is a security protocol in its own right, implemented to prevent “fraudulent activity.” What Clarke found, though, was Yahoo didn’t delete his account even after the 90 day period. He was still able to login to the account after the given 90-day timeframe was up.
Making matters worse for Clarke, once he logged into the account, the 90-day timer reset, meaning his account information remained in the Yahoo database for at least another three months.
Yahoo confirmed to Clarke that his login reactivated his account, which prompts Yahoo to halt removal of the account. This means he and any other user who checks to see if their account has truly been closed runs the risk of undoing the deletion process.
Users have been attempting to remove their accounts thanks to the ongoing issues Yahoo has had with protecting user data.
Last year, the company confirmed that more than one billion accounts were stolen during a database breach that took place in 2013. It also disclosed another 500 million accounts were compromised in a 2014 hack. A 2013 hack of Yahoo-owned Tumblr also exposed 65 million accounts.
How To Delete Your Yahoo Account
If you want to get rid of your Yahoo account and prevent yourself from being exposed to another data breach, you can do so—even with the knowledge that it won’t be deleted right away.
Start by going to Yahoo’s Terminating your Yahoo account page. When prompted, enter your password and the captcha code if required. Then click the button labeled “Terminate this Account.”
Again, Yahoo claims that most accounts are deleted in 90 days, so going through this process will simply start you down the road to removing your information from Yahoo’s servers.
Make sure you don’t attempt to log back into your account or you’ll undo the process and will have to redo the steps to delete your account. If your account has truly been deleted, you will receive an error message saying that your account is “not recognized.”
Source: SANS ISC SecNewsFeed @ February 18, 2017 at 11:45PM