1. A social network account
Few people regularly check all their accounts in all social networks. Quite often, a user starts, say, a Facebook profile, logs in to Instagram and several other services through it - it's convenient-and then realizes that they don't really need Facebook themselves. Of course, the social network continues to send notifications to the mail, if our hero did not bother to disable them, but they have long been filtered into a separate folder that he does not read.
In such a situation, this may well happen. When a user receives an email saying that someone has logged in to their account from an unknown computer, they will not notice this email. And hackers will have enough time to quietly use the accounts linked to Facebook. They will also probably have time to raise money from some of the victim's friends or followers on Facebook itself.
What to do:
2. Spare e-mail address
Many people start a separate email address for mailing lists, so as not to clutter up their main mailbox, and register everything to it, including profiles with important data. And since it doesn't receive any emails from real people, they don't check it very often. Therefore, the fact that the backup mail was hacked, the user may not notice for a long time - at least until they lose access to some very important account.
What to do:
3. Password Manager
Imagine that you stored your account credentials in a password manager, and then decided to change it. The profile in the old manager is still there, as well as the passwords in it (half of which you probably didn't change). If someone gets access to this profile, they can also get to your accounts. Meanwhile, even if a particular account is hijacked, not everyone will immediately figure out where the criminal got his password from.
What to do:
4. Online store account
Many stores offer to link a bank card or online wallet to your account to make it easier to make purchases. And some even do it automatically. If you often use the services of the resource, you are most likely satisfied with this. In addition, such a profile probably contains your home and work addresses for delivering goods and other valuable information about you.
However, you can opt out of this store's services over time. If your account goes on living its own life and gets hacked, the attackers will gain access to valuable information, and you will probably only find out about it when they try to buy something on your behalf. Or when they have already bought it: not all services request a code from the SMS to confirm the operation.
What to do:
5. Working Google account
If you need access to Google Analytics and other services for work, you can create a separate Google account for this purpose. Separating personal and work profiles is a good practice, but many people forget to delete their Google account after they quit.
Accounts created by the company are usually blocked by the IT service immediately after their owner leaves. But about the services in which the former employee registered himself, they may not think. As a result, no one's account will remain on the Internet with access to working documents and other confidential information. If such an account is hacked, it will be very, very difficult to detect it, because in fact no one even remembers that it exists.
What to do:
6. Phone number
Some users create a separate phone number for all kinds of services, loyalty cards, bonus programs, and public Wi-Fi networks, so that the main phone does not fall into the spammers ' databases. And at the same time, they use this SIM card for two-factor authentication. Although such a number is not an account, and you can't call it abandoned in the full sense of the word, it can also cause problems. On the one hand, a number of accounts are linked to it, on the other - you probably call from it rarely, and maybe never at all.
The fact is that it is not profitable for the operator to service SIM cards that you do not invest in financially. If you only need the phone number to receive incoming SMS messages, it may be blocked after three months and then resold.
Sometimes numbers are bought up quite quickly. In this case, you may not have time to re-link your accounts to the new phone number. But the buyer, if he turns out to be dishonest, will be able to find your accounts in online services and change their passwords, so it will not be easy to restore them.
In particularly advanced cases, it will be able to reach bank accounts and online wallets linked to this number and charge a certain amount of funds from them before you notify the bank about the current situation. So, in January, fraudsters emptied the accounts of a woman, outbid a number that she had not used for a long time (according to the operator).
What to do:
How to avoid problems with abandoned accounts
As you can see, even if you don't need an account by itself, hijacking it can cause a lot of problems. Preventing a threat is much easier than dealing with its consequences. Therefore, we recommend that you keep track of your accounts. Here are some general useful tips:
Few people regularly check all their accounts in all social networks. Quite often, a user starts, say, a Facebook profile, logs in to Instagram and several other services through it - it's convenient-and then realizes that they don't really need Facebook themselves. Of course, the social network continues to send notifications to the mail, if our hero did not bother to disable them, but they have long been filtered into a separate folder that he does not read.
In such a situation, this may well happen. When a user receives an email saying that someone has logged in to their account from an unknown computer, they will not notice this email. And hackers will have enough time to quietly use the accounts linked to Facebook. They will also probably have time to raise money from some of the victim's friends or followers on Facebook itself.
What to do:
- Set up two-factor authentication.
- Enable notifications when you log in to your account from unknown devices.
2. Spare e-mail address
Many people start a separate email address for mailing lists, so as not to clutter up their main mailbox, and register everything to it, including profiles with important data. And since it doesn't receive any emails from real people, they don't check it very often. Therefore, the fact that the backup mail was hacked, the user may not notice for a long time - at least until they lose access to some very important account.
What to do:
- Enable two-factor authentication for this account.
- Set up forwarding emails from this email address to your main email account in a separate folder.
3. Password Manager
Imagine that you stored your account credentials in a password manager, and then decided to change it. The profile in the old manager is still there, as well as the passwords in it (half of which you probably didn't change). If someone gets access to this profile, they can also get to your accounts. Meanwhile, even if a particular account is hijacked, not everyone will immediately figure out where the criminal got his password from.
What to do:
- Be sure to delete your accounts in password management services if you don't use them.
4. Online store account
Many stores offer to link a bank card or online wallet to your account to make it easier to make purchases. And some even do it automatically. If you often use the services of the resource, you are most likely satisfied with this. In addition, such a profile probably contains your home and work addresses for delivering goods and other valuable information about you.
However, you can opt out of this store's services over time. If your account goes on living its own life and gets hacked, the attackers will gain access to valuable information, and you will probably only find out about it when they try to buy something on your behalf. Or when they have already bought it: not all services request a code from the SMS to confirm the operation.
What to do:
- Don't link your bank card to your online store accounts.
- If the service remembers the card automatically, don't forget to delete it from the linked ones.
- Get a separate card for online purchases and keep only a small amount of money on it.
5. Working Google account
If you need access to Google Analytics and other services for work, you can create a separate Google account for this purpose. Separating personal and work profiles is a good practice, but many people forget to delete their Google account after they quit.
Accounts created by the company are usually blocked by the IT service immediately after their owner leaves. But about the services in which the former employee registered himself, they may not think. As a result, no one's account will remain on the Internet with access to working documents and other confidential information. If such an account is hacked, it will be very, very difficult to detect it, because in fact no one even remembers that it exists.
What to do:
- To the retired employee - nothing.
- Companies - do not forget to revoke access to services, including for the Google account of the departed employee.
6. Phone number
Some users create a separate phone number for all kinds of services, loyalty cards, bonus programs, and public Wi-Fi networks, so that the main phone does not fall into the spammers ' databases. And at the same time, they use this SIM card for two-factor authentication. Although such a number is not an account, and you can't call it abandoned in the full sense of the word, it can also cause problems. On the one hand, a number of accounts are linked to it, on the other - you probably call from it rarely, and maybe never at all.
The fact is that it is not profitable for the operator to service SIM cards that you do not invest in financially. If you only need the phone number to receive incoming SMS messages, it may be blocked after three months and then resold.
Sometimes numbers are bought up quite quickly. In this case, you may not have time to re-link your accounts to the new phone number. But the buyer, if he turns out to be dishonest, will be able to find your accounts in online services and change their passwords, so it will not be easy to restore them.
In particularly advanced cases, it will be able to reach bank accounts and online wallets linked to this number and charge a certain amount of funds from them before you notify the bank about the current situation. So, in January, fraudsters emptied the accounts of a woman, outbid a number that she had not used for a long time (according to the operator).
What to do:
- Set up a reminder to call or send at least one text message from an additional phone number every couple of months.
- Always maintain a positive balance on the account of this phone.
How to avoid problems with abandoned accounts
As you can see, even if you don't need an account by itself, hijacking it can cause a lot of problems. Preventing a threat is much easier than dealing with its consequences. Therefore, we recommend that you keep track of your accounts. Here are some general useful tips:
- Remember where and when you registered. Check which phone numbers and email addresses your accounts in social networks, online stores, banks, and other important services are linked to, and untie all current profiles from outdated contacts.
- If you log in somewhere via Facebook, Twitter, or Google, or keep an additional email address and phone number for mailing lists, check them from time to time.
- If you decide to stop using the password manager, online store, or social network account, delete your accounts in these services.
- Don't forget to enable account login notifications in the services, and respond to such notifications as quickly as possible.
- Use a security solution that can notify you of leaks in the services you use.
