22 August 2017
Cedric Pariente

IT and Market Finance

Cedric Pariente - Racine Alpha

23Posts 137,909Views 45Comments
Finextra community

Transaction Fraud Systems and Analysis

A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.

Never Use Hotmail as Secondary Email Account

30 July 2009  |  5104 views  |  1

 

Registering for an account at any web site almost always requires an email address, and some people use a secondary address they don't care about instead of their real email address to avoid spam. If you do this, be very careful.

Microsoft shuts down Hotmail accounts that haven't been logged into after nine months. So if you registered for your Gmail account two years ago and used your Hotmail address as your secondary email address and never logged back in, you've put your Gmail account at risk.

Here's how: If your Hotmail account gets shut down due to inactivity, someone else can open a new one using your Hotmail address. Then, if that someone else requests a password reset from Gmail, it goes to that address, and that someone can get into your primary email account. This is how Twitter employees' Gmail accounts got broken into last week.

From Hotmail's help section:

Free Windows Live Hotmail accounts become inactive if you don't sign in for more than 270 days or within the first 10 days after signing up for an account. After an account becomes inactive, all messages, folders, and contacts are deleted. Incoming messages will be sent back to the sender as undeliverable. Your account name is still reserved. However, if the account stays inactive for an additional 90 days, the account name may be permanently deleted.

If you are or ever were a Hotmail user, make sure all the important online accounts you use (banking, other email accounts, shopping sites where you've stored credit card information) don't send password reset messages to your Hotmail account, and that important messages aren't left there untouched for too long. Either that, or make absolutely sure you log in once every few months.

Gmail and Yahoo Mail have similar deactivation policies. From Gmail's Help:

A dormant address is a Gmail address that hasn't been used for six months. You can still receive mail if your address is dormant, but you need to log in to keep your account active. If you don't log in to Gmail within three months of it being labeled dormant - or for nine consecutive months - Google may delete the address.

From Yahoo Mail's help:

Accounts are deactivated and removed after four months of no use. When an account is deactivated, you won't be able to access it, regardless of whether or not email has been received in the account during that time.

And sorry, but we can't retrieve any of the information that was formerly stored in it.

In summary, unlogged-into Hotmail and Gmail accounts expire after nine months and unlogged-into Yahoo accounts expire after six (unless you pay for Yahoo! Mail Plus). Looks like we all have to remember to log into those secondary webmail accounts.

 

TagsSecurity

Comments: (1)

A Finextra member
A Finextra member | 31 July, 2009, 15:57

I would also like to add : that even if you partly own a company, never use your work email account as your secondary email.

I have had a bad experience getting dismissed from a company that I co-created with someone else - wrongfully so, of course - but that's another legal case.

But what happened next is really something that's amazingly sordid. The person that dismissed me (the President of the company, whilst I held a VP position), got rid of my access to my work email account and he took over that email account. From there, he was able to take over my financial accounts, my other email accounts, my ebay account, my paypal account. It did not stop there, he listed several items to sell using my ebay account (items that he obviously did not have) at fixed and buy it now prices of less than a dollar, obviously prompting many buy it now transactions. The ensuing mess I had to clean up, although not a 100% successful with some buyers that did not want to understand that my account was taken over.

So yes, ex-employers can steal your identity as well !

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Cedric

Home Equity Loan and Home Equity Line Of Credit

12 February 2010  |  4313 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationGroupOnline Banking

How to Crack WiFi Network - Video Tutorial

30 January 2010  |  8754 views  |  0 comments | recomends Recommends 0 TagsSecurityGroupOnline Banking

Credit Without a Purpose is Dangerous!

26 January 2010  |  5227 views  |  1 comments | recomends Recommends 0 TagsCardsGroupOnline Banking

Social Suicide 2.0

05 January 2010  |  4700 views  |  1 comments | recomends Recommends 0 TagsSecurityGroupOnline Banking

MC2009

25 December 2009  |  6682 views  |  0 comments | recomends Recommends 0 TagsCardsGroupOnline Banking

Cedric's profile

job title Stanford Certified Project Manager
location Paris
member since 2009
Summary profile See full profile »
I'm Cedric Pariente, a Stanford Certified Project Manager, working in both IT and Market Finance.

Cedric's expertise

Member since 2008
23 posts45 comments
What Cedric reads
Think Tank
Cedric's blog archive
2010 (4)2009 (19)

Who's commenting on Cedric's posts