Tecross Investigation Report: Yahoo account-locked password reset issue
Posted by tecross_staff Fri, 15 Sep 2006 17:37:33 GMT
Due to the growing interest in the Yahoo password reset issue, we have decided to investigate the problem and prepare ourselves to contact Yahoo as soon as the required number of petition signatures is obtained. Click here to view the complaint and sign the petition. Only registered members are allowed to sign the petitions. Some of our site visitors are reluctant to register, so let’s make our approach and process clearer for everyone:
In order to resolve complaints, we spend our own time and resources to investigate the problem and work with the corresponding companies. Since our resources are limited, we want to focus only on complaints that benefit not only the complaint owner but also society as a whole. We do not want to deal with frivolous complaints. As a result of this approach, companies are also more receptive to Tecross, since they understand that we work only on critical complaints. If a complaint is not worth your time to register, then that complaint does not deserve Tecross’ time and effort. Bottom line, we want to weed out frivolous complaints and work on critical complaints only. For that, consumers have to join together (through our petition process) to fight against companies with bad customer service.
Getting back to the problem on hand…
Our approach is to investigate and analyze complaints in an unbiased manner from both the company’s and the consumer’s perspective and, leaving emotions and feelings aside, to arrive at the best possible solution to the problem.
View from Yahoo’s perspective:
Identity theft, which includes phishing, is the fastest growing crime and the hardest problem to solve. Currently tons of companies are working on solving this problem, but there is no clear winner yet. As a result, each company is implementing its own solution to prevent identity theft. Due to the financial and emotional damage that can result from identity theft, companies are resorting to strict rules and policies. In Yahoo’s case, date of birth is the key data element used to identify their customers. So when you request a password reset, if your date of birth does not match the one on file at Yahoo, you are out of luck. Yahoo has no way to distinguish you from a hacker. This is a catch-22 situation for Yahoo: trying to address your complaint while protecting their remaining customers from hackers and phishers.
Global customer base: Yahoo has customers in every corner of the globe. This creates a logistical and operational (cost) nightmare for providing efficient customer service support. We believe this is the main reason for Yahoo’s automated response emails. Also, capitalism rules here: You get what you pay for!!
Due to their global customer base, it is very difficult for Yahoo to come up with one single solution for all of their customers. For example, a few companies are resorting to using credit card numbers. But that won’t work in Yahoo’s case, since not everyone in Sri Lanka or Africa has a credit card.
Enough about Yahoo, let’s look from the consumer perspective:
It is a hopeless and nightmarish feeling to lose all your email data. Not only the emails, but also the photos, address books, etc. Over time Yahoo has become an integral part of many of our cyber-lives. The more Yahoo services and features you have used, the deeper your troubles will be.
The constant fear that someone has stolen your Yahoo account is unthinkable and unimaginable. We personally don’t want anyone to go through this. Read this scary identity theft victim story to understand what a hacker can do to you. If you think you are a phishing victim, we strongly recommend that you change your email ID for all your online banking and other key accounts as soon as possible.
Every moment Yahoo delays in resolving the issue, they are putting the victim’s social network in jeopardy and within arm’s reach of the hackers/phishers.
Now that we have discussed the perspectives of both the involved parties, let’s look at the issue in an unbiased manner.
It is okay for Yahoo to use date of birth for identifying their customers, but the problem is that not everyone used their actual date of birth for registration. Since childhood we are primed not to give out our SSN and date of birth to anyone. To confirm this theory, we personally contacted some of Yahoo’s customers who had opened their accounts at least 4 years ago. Guess what: most of them had used fake birthdays, and none of them remembers it anymore. People who have opened their accounts in recent years appear to have used their actual birthdays – we believe this is due to the popularity of Yahoo’s brand name in recent years.
To make matters worse, one cannot see the birthday on file on the Yahoo user’s profile page. Yahoo does not display the date of birth for security reasons, which makes sense, but at the same time numerous consumers (who had used fake birthdays) are like sitting ducks waiting to lose their data.
We recently opened a Yahoo account to understand their registration process. It was not clear at all why they are requesting the date of birth. They have a help image next to the birthday field, but how many consumers click on that? We believe most of the consumers do not understand the importance of the birthday field during the registration process. It dawns on them only after becoming a phishing victim.
Desired Outcomes:
Now that we have dissected the problem, let’s discuss the desired outcome from Yahoo for this issue:
Try to help the victims regain access to their accounts even if they don’t remember their fake birthdays. We believe the root cause of this problem is the lack of clarity from Yahoo on the importance of the birthday field during the registration process. Most of the victims are willing to give other forms of ID such as a license, credit card, etc.
Block all access to the Yahoo ID as soon as someone reports that his/her account has been phished.
If a user wants to cancel his or her account, then grant that wish as soon as possible. One of the complaints was that Yahoo does not respond to requests to cancel accounts. As mentioned earlier, every moment Yahoo delays in resolving the issue, they are putting the victim’s social network in jeopardy and within arm’s reach of the hackers/phishers.
Notify all their existing customers about the importance of the date of birth on file, and also have a plan for those customers who do not remember their fake birthdays. These customers are like sitting ducks waiting to lose their data.
Our Next Steps:
We are not sure how many victims are out there; we have only 11 petition signatures thus far; however, hundreds of consumers have shown interest in this complaint. Once we have more signatures, we’ll follow up with Yahoo. Meanwhile, please write to us if you do not agree with our analysis or have concerns about our understanding of the problem. We want to solve the complaints in the best possible manner. The following are the next steps Tecross will take to address this complaint:
Once we have the required number of petition signatures, Tecross will contact Yahoo to address the issue. Click here to view the complaint and sign the petition.
We’ll give Yahoo 30 days to respond to us. We’ll also broker between Yahoo and our users if necessary to amicably resolve the complaint.
If there is no response from Yahoo within 30 days, or we feel that Yahoo does not want to address the issue, we’ll work with media companies for public awareness. During the petition signature process, we ask our users if they would mind talking to the media companies. For this Yahoo petition, most of our users are willing to talk to the media companies.
Finally Tecross will publish a consumer advisory report on this issue, which will be sent to all our users.
We don’t believe this problem is isolated to just Yahoo. Soon we will be analyzing Google and Hotmail for the same issue.


Thanks for the eye opening report. I have no clue about my d.o.b on file at Yahoo, but know for sure I had given a fake one. How can Yahoo use d.o.b for verification purposes – why not SSN also??
I will be slowly switching over to another Yahoo or Gmail account. Will be looking forward to your report on Google and MSN – I use neither of them, but may switch to one of them soon.
Good investigative report except one issue. I DO NOT agree with your “You get what you pay for!!” argument with Yahoo. We (Yahoo users) do in fact bring in revenue for Yahoo every time we visit their pages (Banner Ads) or every time we click on their sponsored advertisements. Yahoo cannot survive without users like us, so they should not be taking us for granted.
Dear friends, my Yahoo ID suddenly stopped working. When I enter the user ID and password, it says invalid user ID and password.
My lifetime data is stored in this, but Yahoo cheated me. I do not know how to retrieve the data.
If any human being helps me, then he will be like a god in my life.
Please let me know if anybody has an idea. Send me mail at akkulu_krishna@yahoo.com
Thanks Krishna