Don’t Kill All Your Zombies

Cybersecurity | 0 comments

Image from Negative Space at Pexels.

The WSJ ran a story about the risks associated with old online accounts, often referred to as “zombie” accounts. They recommend deleting these old accounts.

We may forget about them, but these accounts pose a risk. They make us more vulnerable to criminals who want to steal the personal data stored there, from our passwords to our contact information to even our credit-card numbers.

This statement isn’t wrong but it is incomplete.

I do not recommend that people delete their old social media accounts. You want to control your online presence, when you delete an old account you make it possible for someone else to pick up the same username at that sight and pretend to be you. Worse, anyone that knew you at that username would not easily know it wasn’t you.

I once had someone signup for an Instagram account with an old email address of mine, which I still controlled. It was faster for me to take over their account through a password reset than to get it shut down. To this day, I have control of the account.

So what do you do instead?

The Journal also fails to note that people at the highest risk of—those that reuse passwords—probably have their passwords on the dark web already. Deleting that MySpace account from 20 years ago was already exposed in 2016.

  • Remove saved credit cards from your old sites.
  • Change the password to something long and random.
  • Make sure 2FA is on.
  • Make sure your contact information is up to date, especially your email and cell phone number.

There may be other reasons to delete those accounts. If you have messages, search history or purchased products you don’t want to see public ditching those accounts make may sense. But remember, the other person on that message still had their copy which also means that the site keeps a copy. Deleting the account may or may not delete your data.

Note: my advice doesn’t apply to all sites. Deleting your accounts at old shopping sites or places where you signed up for a 30-day trial and no more makes plenty of sense.

At the end of the day you will need to use your own common sense. Don’t take the advice of the Journal—or mine—blindly.

0 Comments