Ever since 2013, I’ve consistently started getting registration e-mails in foreign languages from sites I definitely did not sign up for.
It started with Instagram, on which a bizarrely determined young boy from somewhere around Denmark was trying to register using my e-mail address. Instagram lets you remove an e-mail from an account, which is what I did, repeatedly, but the kid kept adding the non-functional e-mail back on to the account. Eventually I forced a password reset and forcibly deleted his account, in an attempt to dissuade him from using someone else’s e-mail in the future. Astonishingly, this did not work, and I was forced to register on Instagram just to prevent my e-mail from being used.
He shared a first name with me, and I noticed his name on a few of the other e-mails I had gotten. At first, I thought it was just this one kid, possibly related to the infamous gmail dot issue, but astoundingly, most of the time the e-mail had no dots and no apparent typos, it was just… my e-mail. Then I started getting even weirder e-mails.
- Someone else near Denmark used my e-mail to open an Apple ID. I went in to disable the account and it included payment information and their home address, along with the ability to remotely disable their apple device.
- I once got a Domino’s order receipt from someone on Rhode Island, which included their full name, home address, and phone number.
- Just recently, someone signed up for Netflix, got the account temporarily suspended for lack of payment, and then added a payment option before I decided to go in and change the e-mail while also signing up for Netflix so I wouldn’t have to deal with that anymore. I could see part of the credit card payment option they had used.
- Another time, I woke up to someone in a european timezone creating an account on Animoto and then uploading 3 videos to it before I could reset the password and lock out the account.
- At least two sites included a plaintext password in the e-mail, although they didn’t seem very legitimate in the first place.
What’s really frightening is discovering just how fragile many of these websites are. Most of them that allow you to change your e-mail address don’t require the new e-mail to be verified, allowing me to simply change it to random nonsense and render the account permanently inaccessible. Others allow your account to function without any sort of e-mail verification whatsoever.
One of my theories was that people just assumed they were picking a username that happened to have @gmail.com on the end of it. My e-mail is my first name and a number, which probably isn’t hard for someone also named Erik to accidentally choose. However, some of these e-mails are for people clearly not named Erik, so where is the e-mail coming from? Why use it?
So far, I’ve had my e-mail used incorrectly to sign up for these services:
- Netflix (Spanish) - Cely A.
- PlayView (Spanish)
- Mojang (English)
- Apple ID (Danish) - Seier Madsen
- Telekom Fon (Hungarian)
- Nutaku (English) - Wyled1
- Samsung (Spanish)
- Forex Club (Russian) - Eric
- Marvel Contest of Champions (Portuguese)
- Jófogás (Hungarian)
- Wargaming.net (Russian)
- Deezer (English) - Erik Morales
- Crossfire (Portuguese)
- Instagram (Danish) - Erikhartsfield
- List.am (Armenian)
- ROBLOX (English) - PurpleErik18
- cccraft.net (Hungarian)
- ThesimpleClub (German)
- Cadastro Dabam (Portuguese)
- Első Találkozás (Hungarian) - Rosinec
- Pinterest (Portuguese) - Erik
- MEGA (Spanish)
- mestermc.hu (Hungarian) - Rosivagyok
- Snapchat (English)
- Skype (Swedish)
- PlayIT (Hungarian) - hírlevél
- Animoto (English) - Erik
- Geometry Dash (English) - erikivan1235
- Club Penguin (Spanish)
- LEGO ID (English) - szar3000
- Seejaykay.com (English)
- Dragon’s Prophet (English)
- Sweepstakes (English) - ErikHartsfield
- School.of.Nursing (English) - ErikHartsfield
- SendEarnings (English) - ErikHartsfield
- Talkatone (English) - Cortez
- Anonymous VPN (English)
- Penge (Hungarian)
- Apple ID (Swedish) - Erik
- Snapchat (Swedish) - kirenzo
- Snapchat (Swedish) - erik20039
- ROBLOX (English) - Mattias10036
- Riot Games (English) - epik991122
- Instagram (English) - opgerikdontcare
- Goodgame Empire (English) - rulererikman
Given how fundamental e-mail is to our modern society, it’s disconcerting that some people, especially young kids, have no idea how powerful an e-mail is. When they provide the wrong e-mail for a service, they are handing over the master keys to their account. These services use e-mail as a primary source of identification, and some of them don’t even seem to realize they’re using the wrong e-mail.
Perhaps this speaks to the fact that, despite all the work large software corporations claim they put into making intuitive user interfaces, basic aspects of our digital world are still arcane and confusing to some people. Forget trying to replace passwords with biometrics, some people don’t even understand how e-mail works. Maybe the software industry needs to find a more intuitive way to assert someone’s identity.
Or maybe people are just dumb.