Abandoned free email accounts - SANS Internet Storm Center

Abandoned free email accounts
Mark wrote in with an observation that abandoned free email accounts (such as those of hotmail, yahoo and the like) are being abused by spammers to send messages at a very slow rate to the contacts in those accounts. As Mark noted himself, there's an obvious privacy issue if your contacts leak, and that's and that some of the former users have not only abandoned the service, but actually assumed the service would have been terminated due to no activity on the account anymore. If you have observed the same thing, we're interested in hearing from you. But it might be a good idea to verify the status of your former mailboxes you have around the globe and make sure there's nothing left of them of value to you or your attackers before you do abandon them. Better yet, those really old ones, should we not delete them properly? UPDATE: A reader pointed out it might not always be easy for users to deleted unwanted accounts judging from the support fora at e.g. hotmail, and hence it would be quite understandable that they just abandon the accounts instead of cleaning them up properly. -- Swa Frantzen -- Section 66	Swa 760 Posts Aug 29th 2010
Thread locked Subscribe	Aug 29th 2010 1 decade ago
They also change the reply to address so that the email goes back to a closely related account. cchristianson@freemail.com becomes cchristiansons@freemail.com	Chris 4 Posts
Quote	Aug 29th 2010 1 decade ago
Abandoned email accounts can also be a security risk if they are the email address of record used when resetting your password on some other web service. For example see http://techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/	Chris 5 Posts
Quote	Aug 30th 2010 1 decade ago
Re-registering abandoned email accounts has also been the primary method of hijacking highly thought-after 4-6 digit ICQ accounts, which can sell for hundreds of dollars on online auction sites.	oleksiy 34 Posts
Quote	Sep 1st 2010 1 decade ago