2013-10-05

Online Investigations Pty Ltd have identified ex-partners gaining access to their former spouses’ personal accounts by taking over their forgotten email accounts.

Back in June this year, Yahoo announced via their Tumblr blog that email accounts which had been inactive for 12 months would be recycled and returned to the pool of available user IDs. Microsoft also started this process with their Hotmail, Live and Outlook.com email accounts.



The announcement by Yahoo! that they were going to recycle inactive email accounts

Since the ‘recycling’ process began, Online Investigations Pty Ltd have identified instances where ex-spouses take over old, forgotten email accounts once used by their partners. Because those addresses are still listed as the ‘secondary’ email on the partner’s profile, the ex-spouse can use them to gain access to the partner’s social networking account and private data.

After a security blitz several years ago, several social networking companies required a secondary email to be added to a user’s account as an added security feature. Since then, many individuals have stopped using these email addresses but have failed to remove them as a backup on their account.



A screenshot of Gmail settings page

By initiating the “forgot my password” feature on an account such as Facebook, a list of email addresses which are connected to the account will be revealed.



Although part of each address is masked with asterisks, an ex-spouse can easily determine the full email address due to their previous relationship with the victim.

Once the victim’s forgotten email has been identified in full, it can then be ‘reclaimed’. A password reset request for the social networking account can then be sent to this email, allowing the ex-spouse to hijack the victim’s profile.

Social networking sites such as Facebook activate a secondary security feature when an unknown IP address accesses the account. However, this is not always triggered, as the victim may have previously accessed their account using their former spouse’s computer. Another security feature, which requires the user to identify individuals on the user’s friend list by name, can easily be bypassed because the spouse is familiar with their former flame’s associates.

Online Investigations, a private investigation company in Melbourne and the first to identify the breach, now warns its readers to review the email addresses connected to their social networking accounts and to remove any that are no longer being used.
