Yesterday, I went to the gym. And, as I have many times before, I looked down at the elliptical machine’s screen and reminded myself to delete the gym app account I no longer use (because it works great for the cardio machines, but is not so great at tracking weight work). But, unlike so many times before, today I remembered to do it. One fewer zombie account threatening my online security. Sound paranoid? Sure. But spot-on? Unfortunately, yes. Your forgotten zombie accounts are likely more of a threat to your cybersecurity than the apps you use every day! Here’s why and what you can do to protect yourself from the undead.
Data Breaches in Context
As I have mentioned before, every account you have has the potential for being breached. Just in the past year or so, huge breaches impacting hundreds of millions of records have demonstrated that most transactions expose you to some cybersecurity risk.
Some risks are more obvious than others. For example, the security risk to the average American consumer (147 million of them!) of the 2017 Equifax breach is obvious. Equifax is a credit reporting agency. It tracks the minutiae of your financial life and stores it to report to entities from which you want to borrow money (get a credit card, lease an apartment, get a mortgage). Through machinations few understand, Equifax somehow nominated itself to be one of the holders of Americans’ critical financial data, and it is unavoidable. Some cyberspace risks are beyond your control.
[Read Don’t Get Screwed out of Your Equifax Money at Wired Magazine]
How Do My Zombie Accounts Affect Me?
But don’t let the train wreck of Equifax hijack all of your attention. In many ways, the existential threat to your cybersecurity originates in the aggregation of the smaller bits of information about you already out there in cyberspace. As I wrote in Have You Been Pwned? Probably Yes, So Here’s What You Do, you will be horrified to see how small accounts you had forgotten, and databases you didn’t even know your information was in, have leaked a fair number of tidbits about you without you even knowing. And, as I explain in that post, those little bits hiding on the dark web are aggregated by bad actors and used to try to access your other accounts (credential stuffing).
Changing passwords and using unique, strong passwords can help keep credential stuffing from succeeding against the accounts you are using. Pair this good password hygiene with multi-factor authentication. Add conscientious updating/maintenance of software/apps and self-restraint (i.e., not clicking on links in emails and texts), and most users will be pretty secure at first blush.
The nagging threat that none of that great advice will address? The vulnerability of zombie (untended) accounts. You know, those online accounts you no longer use. Likely, you established these accounts before being cyber savvy. Maybe they all use your dog’s name as the password. Or your kid’s birth date. Or your birth date. Or even 123456. They are vulnerable to being easily hacked with the information available about you online. (Hey, remember that social media post with the picture of your cat–and his name? Or the online announcement of your child’s birth–with their name and birth date? I know. What were we thinking back in the day?)
Alternatively, the database behind that zombie account can be breached without you ever being aware of it. The account is then hacked and used for purposes you never intended. Or, unbeknownst to you, information from that breach–like a password used in multiple places–winds up on the dark web and is used for credential stuffing against your current accounts.
What to Do?
Don’t load up on VPN and go spelunking on the darknet looking for what information of yours is on it. There be monsters. Know your speed and stay in your lane (the clearnet). You can safely find a list of what breached data of yours is on the darknet using this clearnet source.
With that information in hand, address what you find there by securing any breached accounts. Then decrease your risk moving forward by shrinking your digital footprint. Determine which accounts you no longer use and delete them. AccountKiller.com gives guidance for closing accounts at popular sites, and some software, like Dashlane, offers tools that will assist you in the process if you find it daunting.
In doing so, you will minimize the vulnerabilities discussed above and decrease the amount of “curation” you need to do to keep your online life secure and private.
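If you keep your logins in a password manager, a short script can do the first pass of deciding which zombie accounts to close first. The following is an added example, not part of the original post or any tool it mentions; the CSV column names, the sample rows, and the personal-facts list are all constructed assumptions, so adjust them to your own export.

```python
import csv
import io
from datetime import date

# Constructed sample export. The column names are an assumption;
# real password-manager exports use their own headers.
SAMPLE_EXPORT = """site,username,password,last_used
bank.example,me@example.com,T7#qLw9!zRk2,2024-05-30
mail.example,me@example.com,Rex2009,2024-06-01
gymapp.example,me@example.com,Rex2009,2021-02-14
oldforum.example,me,123456,2016-09-03
photos.example,me@example.com,v9$Hn2@pQx1e,2019-11-20
"""

PERSONAL_FACTS = ["rex", "2009"]           # constructed: pet name, a birth year
COMMON = {"123456", "password", "qwerty"}  # tiny illustrative list, not a real wordlist


def audit(export_text, today, stale_days=365, facts=PERSONAL_FACTS):
    """Return [(site, [reasons])] for unused accounts, riskiest first."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    for r in rows:
        age = (today - date.fromisoformat(r["last_used"])).days
        r["zombie"] = age > stale_days  # untouched for over a year
    report = []
    for r in rows:
        if not r["zombie"]:
            continue
        pw = r["password"]
        reasons = []
        if pw in COMMON:
            reasons.append("common password")
        if any(f in pw.lower() for f in facts):
            reasons.append("built from personal facts")
        # A breach of this zombie would expose a password still in use elsewhere.
        active = sorted(o["site"] for o in rows if not o["zombie"] and o["password"] == pw)
        if active:
            reasons.append("password reused on active: " + ", ".join(active))
        report.append((r["site"], reasons))
    report.sort(key=lambda item: (-len(item[1]), item[0]))
    return report


if __name__ == "__main__":
    # Fixed, constructed "today" so the sample output is reproducible.
    for site, reasons in audit(SAMPLE_EXPORT, date(2024, 6, 15)):
        print(site, "->", "; ".join(reasons) or "unused, no other findings")
```

Every site in the output is a candidate for deletion; for any that share a password with an active account, change the active account's password as well. A password export is plaintext, so run this locally and securely delete the file afterward.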