Articles

Do you have too many accounts? Zombie accounts pose security risk

The world runs on technology. Regardless of your industry, software powers your enterprise. Roughly 10% of enterprises use more than 200 software apps. Much of the time, these tools require usernames and passwords for each user. Does this translate to too many accounts to keep track of? Unused accounts can pose security risks, both for organizations and for individuals.

Why we have too many accounts

Remember that time when so-and-so encouraged your enterprise to check out a free trial version of that new software service? Or that one-off occasion when you ordered a bottle of whisky as a thank you gift for a business partner? The online accounts created and no longer used could leak company or personal credit card information, passwords or other sensitive data.

Unused online accounts, aka “zombie accounts,” can pose significant security risk. If a data breach hits the host organization, your enterprise could suffer downstream effects, which could manifest in a wide variety of different ways. It’s more common than you might think.

Examples of “zombie account” risks

For enterprises, certain types of older, unused administrative accounts can place your online environment in jeopardy. While administrative accounts used to represent a necessary component of platform use, today’s technology configurations mean that many of these accounts can be closed. Removing administrative account access when unnecessary can help limit security vulnerabilities.

For enterprises and employees alike, “you may be supplying a steady stream of personal data to online companies you’ve forgotten about,” warns a consumer report. These companies may collect calendar information, contact information, or even bank account details. Because unused accounts are usually out-of-sight and out-of-mind, account owners are unlikely to notice any unusual activity associated with them.

On the individual level, accounts that were opened two decades ago can unexpectedly come back to haunt a person once a security breach occurs. For example, MySpace accounts were popular in the early ‘00s. In 2016, the company experienced a breach involving 427 million pieces of data. The breach notification may have stunned those who had long-since forgotten about ever having opened an account in the first place.

Password reuse threats

A seemingly minor data breach within a company that you have minimal connection with can turn into a nightmare if you’re using the same password across many accounts. Hackers can take stolen passwords from one account and apply them to other accounts in your name. Password reuse can allow them to break in. If you find yourself susceptible to password reuse, try using a password manager.

Zombie accounts, eliminated

The run-around involved in deleting your too many accounts can be worse than the run-around you receive in following up on insurance claims or trying to coordinate inter-state DMV services. In other words, it can take you hours. Or it can prove altogether impossible.

For example, maybe your enterprise previously maintained a TV in the lobby of physical locations. Since the pandemic hit, administrators have been asked to turn off TV service due to limited building use. At least one TV service provider only offers account deletion for those covered under the California Consumer Privacy Act (CCPA). Other organizations also aim to prevent people from deleting accounts efficiently.

Online services such as Just Delete Me and Account Killer can help you identify and delete unused accounts and login credentials. Further, if you have been using a password manager for years, cull through your list of passwords and see where you might have accounts lurking in the background of your work environment and your life.

Many people consistently save passwords to their browsers. Consider combing through your browser settings to find stored passwords and the accounts that they’re connected to. One you find the passwords, you will still need to actively determine how to close the corresponding accounts.

Another tried and true method of finding old accounts? Google old usernames and handles of yours. For example, ITexpert94 or purplecanary330.

In summary

Deleting unused accounts is digital housekeeping. Deleting unused accounts can limit your enterprise-level and individual cyber security risk. For more insights and tools that can assist with managing user accounts, culling your too many accounts, and deleting zombie accounts, click here. Lastly, sign up for our newsletter here.

Back to top button