Semi related: I unintentionally compromised someone’s account by registering their expired domain once.

They used the domain for some accounts and I’ve been getting emails for them due to using a catch-all filter. I contacted most of those service providers support teams, but some just told me to reset the password and login that way. Needless to say that disregard for privacy infuriated me a bit.

So yeah, if you ever register a domain for something, make sure all references to it are gone when you let it go.