Facebook and Yahoo have developed a mechanism to prevent the owners of recycled email addresses from hijacking accounts that were registered on other sites using those addresses in the past.

Last year, Yahoo announced a policy that involves deleting inactive email accounts and making their IDs available again for registration. Microsoft has been doing the same with Outlook.com accounts.

The practice of recycling email addresses has been criticized by security and privacy experts because it opens up the door to abuse. Attackers could register deleted addresses and take over accounts on third-party sites that use them for confirming password change requests. In addition, the recycled addresses might continue to receive messages containing sensitive information that is destined for their previous owners.

To read this article in full or to leave a comment, please click here