Although I would like to reproduce this behaviour to be sure it wasn’t a fluke, today I discovered what I consider a design flaw in Yahoo!’s automated account deactivation logic. On the one hand, there is an option during login to “Keep me signed in”, which will keep the user signed in indefinitely on that computer and browser until cookies are cleared or the user signs out. On the other hand, there is a policy to deactivate accounts for which the user has not signed in for some set period of time. The problem is that one can be using Yahoo!’s services every day without signing in, and then suddenly discover that the account has been deactivated when signing in on another computer. While my experience with this problem resulted in no data loss, it was still a bit unnerving. What if that archive of emails and contact information going back several years had been lost?
I plan on reporting this to Yahoo! as soon as I can reproduce it to be positive it is a consistent problem.
Web developers beware! If it can happen to a large corporation with vast resources, maybe it could happen to you too.