Email holds the keys to the kingdom. All your password resets go through email, and abandoning an old domain name makes it easy for attackers to re-register the old domain and get your stuff.
Read MoreTo test just how bad the problem is, Szathmari re-registered old domain names for several law firms that had merged, set up an email server, and without hacking anything, he says he received a steady stream of confidential information, including bank correspondence, invoices from other law firms, sensitive legal documents from clients, and updates from LinkedIn. (Szathmari is working to return the affected domain names to their original owners.)...