I've been considering the historical aspect of social networks and "personal pages" as an attack vector for a while (with respect to bad practice for removal). What happens when person "xyz" registers a domain, builds a personal site, and begins to signup for "whatever.com" under that email and then the domain lapses?
Re-registering the domain would be easy and capturing/selling the credentials would be easy. Once you get an email running a "forgot password" on the "to" address across the top 500 domains might yield something fun. Also catching these specific type domains in drop would be easy with firstname/lastname scan. Cheap as well. Basically fraud based domain squatting.
I had an account expire ~10 years ago. Somebody else registered the address and used it for several years, then eventually let it expire as well. Last year, I re-registered it, and used it to recover access to an account I created a long long time ago.
Actually, this is not a new idea. Entire block of IP adresses are known to have been highjacked this way and are now used for spam purposes. Squatters reclaim the block with various ploys including registering an abandoned domain name to accept email to the point-of-contact domain contact. [0]
Re-registering the domain would be easy and capturing/selling the credentials would be easy. Once you get an email running a "forgot password" on the "to" address across the top 500 domains might yield something fun. Also catching these specific type domains in drop would be easy with firstname/lastname scan. Cheap as well. Basically fraud based domain squatting.