Making Yahoo IDs available for registration again could lead to domain theft.
If you have access to a domain account holder’s email, it’s fairly easy to steal a domain from them.
Which is why domain name registrars should be on high alert about Yahoo’s plan to recycle dormant user IDs.
The company plans to re-offer dormant user IDs to the public in an effort to make better IDs available. Although only a small amount of the IDs are apparently connected to Yahoo email accounts, this is still troublesome.
One way people steal domain names is to get control of the registrant’s webmail accounts. I’ve seen more than one occasion where a thief found a webmail account that had been made “available again”, signed up for the account, and then stole a domain.
It would be fairly simple to do this on a large scale. A thief could scan whois records for administrative contacts with @yahoo.com email addresses, and then set up a system to check for availability. After signing up for the available ones, it won’t be difficult to reset passwords at the corresponding domain registrar. Then they just have to transfer the domain to another account or request the EPP code to transfer the domain.