Application security, Compliance Management, Privacy

‘Suspicious’ timing for Yahoo to disable auto-forwarding, source

Yahoo users attempting to switch email accounts to rival providers are having a hard time of it due to the fact that Yahoo Mail's automatic email forwarding feature – which enables users to forward a copy of incoming emails from their Yahoo account to an external competitor – was disabled in the first week of October, according to a post by independent computer security analyst Graham Cluley.

In the wake of the negative attention Yahoo has received over the past few weeks – a massive breach and revelations that it cooperated with U.S. intelligence services to spy on all its users' emails – a number of dissatisfied users are looking for alternative email providers. And, in what some are calling suspicious timing, those wishing to abandon Yahoo are now unable to have their email forwarded to rival services.

The reason: Yahoo is in the middle of negotiations to be purchased by Verizon and is attempting to hold on to its customers, posits Cluley.

The deal, which has not yet closed, is said to be back on the table since the breach. Verizon has reportedly asked that $1 billion be shaved off the $4.83 billion sales price contracted before the bad news broke this month.

While those who previously set preferences to have email forwarded are not affected, those attempting to do so subsequent to the negative attention are finding the function disabled.

On a help page, Yahoo said: "This feature is under development. While we work to improve it, we've temporarily disabled the ability to turn on Mail Forwarding for new forwarding addresses. If you've already enabled Mail Forwarding in the past, your email will continue to forward to the address you previously configured."

To the extent that it is forcing people to keep open email accounts that they would otherwise close, that's not a good security practice, Neill Feather, president of SiteLock, told SCMagazine.com on Wednesday. "The more unused email accounts that are kept open, the more susceptible consumers are to identity theft, phishing or other personal data compromises." 

Without further information from Yahoo, it's hard to make a determination whether the lockdown was a valid move on Yahoo's part, said Feather, who also is a board member of the Online Trust Alliance. But, he said, the fact that the functionality was shut down is a typical move to improve features and functionality.

However, he added, the timing might seem a bit coincidental. "Yahoo has recently taken a reputation hit from the news of the breach," Feather said. "Combine that with the limited information on the auto forward decision and the pending Verizon acquisition, and it's understandable how some would try to connect the dots."

The Yahoo breach, he advised, is another reminder to make sure users are closing accounts that they aren't regularly using. "With October as Cybersecurity Awareness Month, now is a good time to take a quick audit of your online accounts – both professionally and personally – and to disable those no longer in use."

No specific date was provided by Yahoo as to when the auto-forward function would be restored.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.