The Latest Kaspersky News
Product and Solution Information, Press Releases, Announcements
|6 accounts you should never abandon|
|Posted: Wed Oct 23, 2019 10:39:08 AM|
Can you recall every online service account you have? Maybe you signed up to access some content or because a friend asked you to, then lost interest. Many users simply stop logging in and donít bother to delete their accounts. The accounts sit there, dormant, waiting to be hacked ó but if they are, you wonít know about it anytime soon, if ever.
Abandoned account: What could go wrong
Does it really matter what happens to an unwanted profile, though? If it gets hacked, so what? You didnít need it anyway. However, in some cases, an abandoned account can be exploited to gain access to resources and important information that you do need. Hereís what you need to know.
1. Social network accounts
Few people regularly check their accounts in all of their social networks. Say, for example, a person creates a Facebook profile, uses it to log in to Instagram and other services (handy, right?), and then realizes he doesnít actually need Facebook ó not an uncommon scenario. Sure, the social network continues to send e-mail notifications if the user didnít bother to disable them, but they get filtered into a separate folder that he quit checking long ago.
Again, a more-than-plausible scenario. When the user receives an e-mail warning that someone logged into his account from an unknown device, he doesnít see it. The cybercriminals who logged in have a free shot at the accounts linked to Facebook. They will also probably have time to sting some of the victimís friends or followers on Facebook.
What to do
2. Backup e-mail address
Many people set up a separate e-mail account for mailings and notifications so as not to clutter up their main mailbox, and use it for registering everything and anything, including profiles with important data. And no incoming e-mails there are from real-life people, so they donít check it very often. Therefore, they may not notice for a long time that their backup e-mail has been hacked ó at least not until they lose access to a very important account.
What to do
3. Password manager
What if you saved your account credentials in a password manager, and then decided to replace it with a different app? The profile in the old manager doesnít go anywhere, and neither do the passwords in it (half of which you probably didnít change). If someone gains access to this profile, they will be able to get into your accounts. And even if you do discover the theft of an account, it wonít be immediately obvious how the cybercriminal got hold of the password for it.
What to do
4. Online store account
Many stores invite you to link a bank card or online wallet to your account to make shopping easier. Some even do it automatically. If you are a frequent user, the temptation to do so is great. In addition, the profile is likely to contain your home or work address for delivery of goods, plus other valuable personal data.
But there may come a time when you stop using the service. If the account remains live and gets hacked, the cybercriminals will gain access to your data, which you will probably find out about only when they try to buy something in your name. Or just buy, without the trying bit, since not all services request an SMS code to confirm the transaction.
What to do
5. Google work account
It is common to create separate Google accounts if you need access to Google Analytics and other services at work. Keeping personal and work profiles separate makes perfect sense. The problem is that many people forget to delete Google work accounts when they change jobs.
As a rule, company-created accounts are immediately blocked by IT security after the user departs. But they might miss ones that the former employee set up on their own, such as a Google account. The result could be one or more unclaimed accounts swimming around in the online ocean, offering passing sharks access to work documents and other confidential information. The hacking of such an account will be very, very hard to detect, because no one will even remember it exists.
What to do
6. Phone number
To keep their main phone number out of spam databases, some users have a separate one for various services, loyalty cards, bonus programs, public Wi-Fi networks, and so on. And sometimes the same phone number is used for two-factor authentication as well. Although technically a number is not an account and cannot be abandoned in the full sense of the word, problems can still arise. On the one hand, a number of accounts are linked to this number. On the other hand, you are unlikely to use this number for calling or texting.
The bottom line for the telco, meanwhile, is that an unused SIM is unprofitable. If you need a number solely to receive SMS messages and never spend anything on the account, the carrier can block it in three months and then resell it.
Sometimes those numbers are snapped up instantly, so you may not have time to relink your accounts to the new SIM. The buyer, on the other hand, will be able to find your accounts in the respective online services ó and if they change the passwords, recovering wonít be easy.
In particularly unfortunate cases, the new owner can even get access to bank accounts and online wallets linked to the number and spend your money before you have time to notify the bank. For example, a woman in California had her credit card charged after her operator recycled her number to another customer.
What to do
How to avoid problems with abandoned accounts
As you can see, even an unneeded account can cause a lot of problems if hijacked. Preventing a problem is much easier than dealing with its consequences. Therefore, we recommend that you keep track of your accounts. Here are some general handy tips: