Zombie Accounts – They’ll Haunt You

Zombie AccountsBe afraid. Be very afraid. Dawn of the Dead has nothing on these zombies that I’m talking about today. Remember those apps you tried out and forgot about? How about MySpace – remember that? What about those magazine subscriptions you had to sign in to access so you created yet another account with its own username and password? Those are your zombie accounts.

Security policies change all the time, and you’re bound to them as long as your account is active. In Facebook, for instance, we’re constantly being made aware of settings that should be modified if we want information to remain private which may include personally identifying information. Yes, I grumble and complain about it but I’m aware because I’m actively maintaining the account. Here’s what can happen when you’re not keeping an eye on those old accounts.

Some years ago I signed up for an account with a company called ADrive. Dropbox didn’t even exist yet and I needed to share large files with a friend. I only used it once and forgot about it. In March of 2011 I logged in and cancelled the account. I got a confirmation and that was that – so I thought.

For some reason, I recently tried to log into the ADrive account and sure enough, my old email address and password still worked. I immediately contacted customer service and explained when I’d deleted the account and asked for an explanation. I received an email from a nameless representative who stated, “We don’t clear out accounts at this time,” and then asked if I wanted to reactivate my account which, of course, led me to inquire further. Eventually a Craig Stelmach replied and said that ADrive generally keeps files intact for a 3 month period. But I’d deleted the account 2 years ago. Apparently the account is now permanently deleted but I’ll check again in a year or two just to be sure.

Do you see what I mean? Had I never returned and addressed that old lingering account it might still be active today. And this happened even after I had supposedly cancelled the account. Do we really know what’s going on with all that data of ours floating around? No – we don’t. But you do have the right and responsibility to monitor the accounts you create, whether you use them or not.

Consider this, too. Those seemingly insignificant sites that you think don’t matter might be the ones you should be most concerned about. Facebook, Google, LinkedIn and Twitter are huge so even if they can’t prevent every attack, they’ve got the resources in place to monitor and protect member accounts (as well as should be expected) that obscure sites or services may not.

You can check out more on the subject in a PC World article written by Tony Bradley. Get serious about your online accounts.

And if you aren’t already, start keeping track of your accounts and passwords with a good password manager. I strongly suggest SplashID and you can read more on that here.

I welcome your comments! No part of this article may be reproduced in any manner without permission and attribution.