Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Abandoned free email accounts - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Abandoned free email accounts

Mark wrote in with an observation that abandoned free email accounts (such as those of hotmail, yahoo and the like) are being abused by spammers to send messages at a very slow rate to the contacts in those accounts.

As Mark noted himself, there's an obvious privacy issue if your contacts leak, and that's and that some of the former users have not only abandoned the service, but actually assumed the service would have been terminated due to no activity on the account anymore.

If you have observed the same thing, we're interested in hearing from you.

But it might be a good idea to verify the status of your former mailboxes you have around the globe and make sure there's nothing left of them of value to you or your attackers before you do abandon them. Better yet, those really old ones, should we not delete them properly?

UPDATE:

A reader pointed out it might not always be easy for users to deleted unwanted accounts judging from the support fora at e.g. hotmail, and hence it would be quite understandable that they just abandon the accounts instead of cleaning them up properly.

--
Swa Frantzen -- Section 66

Swa

760 Posts
They also change the reply to address so that the email goes back to a closely related account. cchristianson@freemail.com becomes cchristiansons@freemail.com
Chris

4 Posts
Abandoned email accounts can also be a security risk if they are the email address of record used when resetting your password on some other web service. For example see http://techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/
Chris
5 Posts
Re-registering abandoned email accounts has also been the primary method of hijacking highly thought-after 4-6 digit ICQ accounts, which can sell for hundreds of dollars on online auction sites.
oleksiy

34 Posts

Sign Up for Free or Log In to start participating in the conversation!