
Don't Let Dormant Accounts Become A Doorway For Cybercriminals
(MENAFN- Mid-East Info) Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.
Authored by Phil Muncaster, guest writer at ESET

The longer our digital lives, the more online accounts we're likely to accrue. Can you even remember all the services you've signed up to over the years? It could be that free trial you started and never cancelled. Or that app you used on holiday once and never returned to. Account sprawl is real. According to one estimate, the average person has 168 passwords for personal accounts.

Yet inactive accounts are also a security risk, both from a personal and a work perspective. They represent a potentially attractive target for opportunistic criminals, so it's worth considering a bit of spring cleaning once in a while to keep them under control.

Why are dormant accounts risky?

There are many reasons why you might have a large number of forgotten, inactive accounts. The chances are, you're bombarded by special offers and new digital services on a daily basis. Sometimes the only way to check them out is by signing up and creating a new account. But we're only human – we forget, our interests change over time, and sometimes we can't remember the logins and move on. It's often harder to delete an account than just leave it to become dormant.

However, that may be a mistake. Accounts that have been inactive for a long time are more likely to be compromised, according to Google. That's because there's a greater chance that they use old or reused credentials that may have been caught up in a historic data breach. The tech giant also claims that “abandoned accounts are at least 10x less likely than active accounts to have 2-step-verification set up.”

These accounts could be a magnet for hackers, who are increasingly focused on account takeover (ATO). They do so via a variety of techniques, including:
- Infostealer malware designed to harvest your logins. One report claims that 3.2 billion credentials were stolen last year; most (75%) via infostealers.
- Large-scale data breaches, where hackers harvest entire databases of passwords and usernames from third-party companies you might have signed up to.
- Credential stuffing, where hackers feed breached credentials into automated software, in an attempt to unlock accounts where you've reused that same compromised password.
- Brute-force techniques, where they use trial and error to guess your passwords.

- Use it to send spam and scams to your contacts (e.g., if it's an inactive email or social media account), or even launch convincing phishing attacks in your name. These might try to elicit sensitive info from your contacts, or trick them into installing malware.
- Search through your dormant account for personal information or saved card details. These could be used to commit identity fraud, or to send further phishing emails impersonating the account service provider in order to elicit more details from you. Saved cards may have expired, but ones that haven't could be used to make fraudulent transactions in your name.
- Sell the account on the dark web, if it has any value, such as a loyalty or Air Miles account you may have forgotten about.
- Drain the account of funds (e.g., if it's a crypto wallet or forgotten bank account). In the UK, it's estimated that there could be £82bn ($109bn) in lost bank, building society, pension, and other accounts.

- The Colonial Pipeline ransomware breach of 2021 started from an inactive VPN account that was hijacked. The incident resulted in major fuel shortages up and down the US East Coast.
- A 2020 ransomware attack on the London Borough of Hackney stemmed in part from an insecure password on a dormant account connected to the council's servers.

- Periodically audit and delete any inactive accounts. A good way to find these is to search your email inbox for keywords like “Welcome,” “Verify account,” “Free trial,” “Thank you for signing up,” “Validate your account,” etc.
- Go through your password manager or saved password list in your browser and delete any linked to inactive accounts – or update the password if it has been flagged as insecure/caught in a data breach.
- It may be worth checking the account provider's deletion policies to ensure that all personal and financial information will definitely be removed if you close the account.
- Think twice before new sign-ups. Is it really worth creating a new account?
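
The inbox search suggested above can be automated over an exported mailbox. The following Python sketch is an added example, not part of the original article: it assumes your mail is available as an mbox export, uses the article's keywords, and treats a sender domain as a dormant-account candidate when it once sent a sign-up style message and has sent nothing for `idle_days` (an assumed threshold). The sample messages, sender names and function names are constructed for illustration.

```python
import mailbox, re, tempfile
from contextlib import closing
from datetime import datetime, timedelta, timezone
from email.header import decode_header, make_header
from email.utils import parseaddr, parsedate_to_datetime

# Subject keywords the article suggests searching for.
SIGNUP_RE = re.compile(r"welcome|verify account|free trial|"
                       r"thank you for signing up|validate your account", re.I)

SAMPLE = [  # constructed messages: (sender, subject, date); all names are made up
    ("noreply@photoapp.example", "Welcome to PhotoApp", "05 Jan 2015 10:00:00 +0000"),
    ("hello@shop.example", "Thank you for signing up", "02 Mar 2019 09:00:00 +0000"),
    ("news@trial.example", "=?utf-8?q?Your_free_trial_starts_now?=", "01 Jul 2021 08:00:00 +0000"),
    ("orders@shop.example", "Your order has shipped", "20 May 2025 12:00:00 +0000"),
    ("friend@mail.example", "Lunch on Friday?", "01 Jun 2025 18:30:00 +0000"),
]

def write_sample():
    """Write SAMPLE to a temporary mbox file and return its path."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as f:
        for sender, subject, date in SAMPLE:
            f.write(f"From - {date}\nFrom: {sender}\nSubject: {subject}\nDate: {date}\n\nbody\n\n")
    return f.name

def dormant_candidates(mbox_path, now, idle_days=365):
    """Sender domains with a sign-up style mail and no mail in the last idle_days."""
    signed_up, last_seen = set(), {}
    with closing(mailbox.mbox(mbox_path, create=False)) as box:
        for msg in box:
            domain = parseaddr(str(msg.get("From", "")))[1].lower().rpartition("@")[2]
            try:
                when = parsedate_to_datetime(str(msg.get("Date", "")))
            except (TypeError, ValueError):
                continue  # missing or malformed Date header
            if not domain:
                continue
            if when.tzinfo is None:  # treat naive dates as UTC so they compare
                when = when.replace(tzinfo=timezone.utc)
            # Decode RFC 2047 encoded subjects before matching keywords.
            subject = str(make_header(decode_header(str(msg.get("Subject", "")))))
            if SIGNUP_RE.search(subject):
                signed_up.add(domain)
            last_seen[domain] = max(when, last_seen.get(domain, when))
    cutoff = now - timedelta(days=idle_days)
    stale = [(d, last_seen[d]) for d in signed_up if last_seen[d] < cutoff]
    return sorted(stale, key=lambda item: item[1])  # oldest last contact first

if __name__ == "__main__":
    print(dormant_candidates(write_sample(), datetime.now(timezone.utc)))
```

The output is a review list, not proof of dormancy: a service that keeps sending newsletters will not appear even if you never log in, so lower `idle_days` or inspect the full sender list if the result looks too short.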

- Switching on two-factor authentication (2FA), so that even if a hacker gets hold of your password, they won't be able to compromise your account.
- Never log in to sensitive accounts on public Wi-Fi (without using a VPN, anyway) as cybercriminals may be able to eavesdrop on your activity and steal your logins.
- Be aware of phishing messages that try to trick you into handing over your log-ins or downloading malware (like infostealers). Never click on links in unsolicited messages, and don't fall for attempts to rush you into taking action by, for example, claiming you owe money or that your account will be deleted if you don't.
