Can you recall every online service account you have? Maybe you signed up to access some content or because a friend asked you to, then lost interest. Many users simply stop logging in and don’t bother to delete their accounts. The accounts sit there, dormant, waiting to be hacked — but if they are, you won’t know about it anytime soon, if ever.

Abandoned account: What could go wrong

Does it really matter what happens to an unwanted profile, though? If it gets hacked, so what? You didn’t need it anyway. However, in some cases, an abandoned account can be exploited to gain access to resources and important information that you do need. Here’s what you need to know

1. Social network accounts

Few people regularly check their accounts in all of their social networks. Say, for example, a person creates a Facebook profile, uses it to log in to Instagram and other services (handy, right?), and then realizes he doesn’t actually need Facebook — not an uncommon scenario. Sure, the social network continues to send e-mail notifications if the user didn’t bother to disable them, but they get filtered into a separate folder that he quit checking long ago.

Again, a more-than-plausible scenario. When the user receives an e-mail warning that someone logged into his account from an unknown device, he doesn’t see it. The cybercriminals who logged in have a free shot at the accounts linked to Facebook. They will also probably have time to sting some of the victim’s friends or followers on Facebook.

What to do

Set up two-factor authentication. Lots of services offer it; here are our posts on setting up security, including 2FA, in Facebook and Twitter.
Enable notifications about account logins from unknown devices — and pay attention to them.   

2. Backup e-mail address

Many people set up a separate e-mail account for mailings and notifications so as not to clutter up their main mailbox, and use it for registering everything and anything, including profiles with important data. And no incoming e-mails there are from real-life people, so they don’t check it very often. Therefore, they may not notice for a long time that their backup e-mail has been hacked — at least not until they lose access to a very important account.

What to do

Enable two-factor authentication for this account.
Set up forwarding of messages from this mailbox to a separate folder in your primary e-mail account.

3. Password manager

What if you saved your account credentials in a password manager, and then decided to replace it with a different app? The profile in the old manager doesn’t go anywhere, and neither do the passwords in it (half of which you probably didn’t change). If someone gains access to this profile, they will be able to get into your accounts. And even if you do discover the theft of an account, it won’t be immediately obvious how the cybercriminal got hold of the password for it.

What to do

Delete accounts in password managers if you no longer use them

How to avoid problems with abandoned accounts

As you can see, even an unneeded account can cause a lot of problems if hijacked. Preventing a problem is much easier than dealing with its consequences. Therefore, we recommend that you keep track of your accounts. Here are some general handy tips:

Recall which online services you have registered for. Check which phone numbers and e-mails your accounts in social networks, online stores, banks, and other important services are linked to, and unlink all current profiles from inactive phone numbers and mailboxes.
If you log in somewhere through Facebook, Twitter, or Google, or keep an additional e-mail or phone number for newsletters, public Wi-Fi, etc., check those accounts from time to time.
If you decide to stop using a password manager, online store, or social media account, delete your accounts in these services.
Turn on account login notifications in services that have this option — and review those notifications promptly.
Use a security solution such as Kaspersky Security Cloud, which will notify you of leaks in services you use.