Forgotten Passwords and Abandoned Accounts. Why Is This a Problem?

If you no longer use a service, delete your account, because dormant accounts are a jackpot for hackers.

Our survey revealed that 64% of all accounts are abandoned, and 52% of people can’t access their accounts because they’ve forgotten the passwords. Have you made an account just to use a service or access some content only to abandon it later? Perhaps you then forgot the password and just gave up.

Most people don’t bother deleting their accounts. And so they just sit there, lying dormant and waiting to be hacked. And if that were to happen, you wouldn’t even know about it.

Abandoned accounts: what could go wrong in 1, 2, 3...

Forgotten accounts don’t simply disappear — they remain online. The scary part is that they could be sitting dormant in unsecured databases, which is quite literally an open invitation for hackers. Our recent investigations confirm that more than 10 billion credentials are available in exposed online databases.

1. Are your forgotten details stored in an unsecured database?

Data breaches happen every single day. The first quarter of 2020 was one of the worst in the history of data breaches, with over 8 billion records exposed and thousands of companies left vulnerable. Our independent research also revealed that unsecured databases belonged to companies we would never suspect as being so careless, and those include online learning companies, renowned tech giants, telecom companies, and more. In certain horrifying cases it was their own employees who stole unencrypted master keys to the data.

2. Are your logins easy to crack?

A whopping 80% of data breaches are caused by weak and reused passwords. Even if your forgotten account details are in a secure database somewhere, it doesn’t mean they’re safe. In brute-force attacks, a hacker can try millions of password and username combinations per second on a login page until one works. If yours were super simple or easy to guess, you could be in trouble.

3. Have you used the same password somewhere else?

You’re probably thinking, who cares if the account I made in 2015 gets hacked? It was only to play a game or watch a movie. But since you can’t remember what password you used, you might have used the same one for your social media accounts, your email account, or online banking. It may have been easy to guess and therefore give away other pieces of vital information to a criminal. We discovered that 63% of respondents reuse their passwords, so if one seemingly irrelevant account gets hacked, it could spark a chain of breaches across all your accounts. Not fun.

3 accounts you should never abandon:

Your Facebook account

Every social media platform has its day, and, naturally, accounts will get abandoned for the new trend. With hundreds of forgotten accounts, Facebook has been described as a digital graveyard.

Let’s say a user receives an email warning that someone has logged in to their Facebook account from an unknown device, and they don't see it. Now, imagine that this user logs in to other services via Facebook (which, admittedly, most of us do to avoid remembering logins). As a result, a hacker gets a free shot at all of your accounts that are linked to Facebook.

Do this instead:

  • Enable notifications about logins from unknown devices, and pay attention to them.

  • If you don’t want Facebook anymore, deactivate your account or delete it (those are two different things).

  • Use a password manager with MFA. Upgrade your security by letting a password manager remember your passwords.

Backup email addresses

Staying organized and savvy could come back to bite you. Some people set up a separate email account for sign-ups and notifications for leisurely accounts so as not to clutter their main mailbox. Since it’s full of automated emails, they don’t check it often, and they might not notice if their backup email account has been hacked.

Do this instead:

  • Again, enable 2FA for this account, as it’ll give hackers one more hurdle to cross to break into your account.

  • Set up a second folder in your main mailbox and have messages from your back-up account forwarded to it. That way, you’ll see warning notifications.

Online store accounts

Most online stores need you to create an account to shop with them. You may be required to give your billing or delivery address and link your bank card or online wallet to your profile. For a stress-free experience, the temptation is definitely there.

But what if you’ve only created this profile for a one-off purchase never to use it again? And what if you used your back-up email to register? If the account stays live and gets hacked, imagine how much of your personal information a cybercriminal could steal. You would probably only realize someone was spending your money when you checked your bank statement (if you did), especially since not all online stores request an SMS code to confirm the sale.

Do this instead:

  • Do not link a bank card to an online store account. Store your bank card details in a password manager, as it keeps your information encrypted and autofills it for you.

  • Think about using a second card preloaded with smaller amounts of money for online shopping. This is especially useful considering the current pandemic, which has seen online scams quadruple in less than a year.

Abandoned accounts: what to do next

If you struggle to remember passwords (and who doesn’t?), you don’t have to abandon your account. Nor should you use simple passwords just to make life easier for yourself, as you’ll likely end up in hot water. You can have an easy life and still stay secure online, which is why password managers exist.

Password managers like NordPass encrypt your passwords and store them in a locked vault only you can view. You can store an unlimited number of passwords and never worry about forgetting them. They’re right there, locked and secure in your NordPass app, available whenever you need them. Getting started is easy: you can import all your logins straight from your browser or add them manually. The choice is yours.

Stop creating unnecessary avenues for hackers to get to your accounts simply because you forgot your credentials. Hand over password-stress to NordPass and organize your online life — it’ll be the best thing you ever did for your peace of mind.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.