If you have online account which you may have forgotten or not accessed for years, your security could be at risk.
Ghost accounts are a major problem for web sites and internet users.
For users, they are stale web accounts that have been put aside, forgotten or not closed when no longer wanted.
For web sites they are a problem because they are security breaches that allow online access to their systems.
Site administrators may not know an account is inactive or loathe to limit or delete the account if they think you could become a valued customer – which is someone who spends a lot of money with them.
Culled and closed accounts
Most of us have dozens of ghost accounts, sometimes dating back to the days of Compuserve and AOL.
In a lot of cases, web sites would have culled and closed accounts after certain levels of inactivity.
But some are still open doors.
If a hacker steals poorly protected user names and password data from a web site, there’s a strong possibility that some names and passwords are still active in other accounts.
Research by internet consultancy Varonis uncovered an average 26% of accounts across 80 web sites were stale, with the highest being 90% of accounts for one site.
Matching ghost accounts with active accounts is easy.
Simply search the email address or name online and the search engine will show dozens of possibilities that just take a few minutes to trawl through. The most common way to find a ghost account is to check unguarded comments in old social media posts.
Safeguarding your data
Deleting old online accounts is a pain.
Many web sites make closing accounts difficult to dissuade people from leaving, while tracking old usernames and passwords going back several years takes time.
But it’s worth the bother.
According to password checker haveIbeenpwned.com, more than 6.5 trillion passwords have been exposed in data breaches.
Hackers can cross check email addresses with passwords to activate accounts and once inside, can find other data, like dates of birth, addresses and financial details.
The next step is building an online personality from this data to obtain credit, goods or services.
To make account data more secure, consider a password app like Dashlane or 1Password to set stronger passwords.
Choose a paid-for rather than free service – they give better support and are more likely to offer stronger protection.