Are Your Old Accounts Leaving the Door Open for Hackers?
By: Jim Stickley and Tina Davis
July 14, 2026
We all have them, those online accounts you signed up for once and never thought about again. Maybe it was a recipe site you tried years ago, a store where you bought a gift and never revisited, or a social media profile you forgot you even made. What most people don’t realize is that these abandoned or unused accounts are like a treasure chest for cybercriminals, just waiting to be looted.
Every account you’ve created stores personal details. These may include your name, email, date of birth, maybe even payment information or your social security number. Hackers know this and actively search for forgotten accounts because they’re often protected by weak passwords or lack modern security features like two-factor authentication. Once bad actors get into one of these old accounts, they can use the information they find there to steal your identity, access your active accounts, scam your friends and family, or sell your data on the dark web. Maybe they’ll even do all of the above.
Are you at risk? Well, essentially everyone with an online presence may be. Most people have dozens, even hundreds, of accounts scattered across the web, and many go untouched for years. Remember that MySpace page you created long ago? While we’ve all likely moved on to other social media accounts, that website does still exists, and there are many others like it.
Here are some ways to help yourself get off those long-forgotten websites.
Find and delete old accounts you no longer use. You can start with your email inbox and password manager to see what websites are sending you email. If there’s one you don’t use anymore, get rid of it.
- While using Google, Facebook, or any other website credentials to log into more than one site is sternly frowned upon, check to see what is attached to those credentials. Each one has a way to find out what is connected. Sever those ties and create unique passwords for each of those that you want to keep. Get rid of the rest of them.
- If you haven’t used a site in a while, but may in the future, change the passwords and make them strong, unique ones you don’t use anywhere else.
- Turn on two-factor authentication whenever possible. Those older sites likely didn’t have it available then, so if you’re planning to use them, enable it now. It adds a second step a hacker can’t easily bypass.
- While our first choice for remembering passwords is to remember them, we realize that is a difficult, if not impossible task. If needed, consider using a password manager to keep everything organized and secure. Keep in mind that if your password manager is breached, so are your passwords.
And what if you cannot delete the account? Ok, we’ve all been taught that lying is not good, but in this case, we’ll let it slide. Put in fake information and remove all identifying information and payment/financial details.
A little quick cleaning now can save you a lot of trouble later. The fewer forgotten accounts you have, the fewer doors you leave open for digital troublemakers.