Your old accounts are an online gold mine for cybercriminals — what you need do right now to stay safe
That data is just waiting to be breached.

If you had to guess how many online accounts you have, right now, would you have any idea?
Think about it: Every grocery pickup, mobile game, fitness app, home improvement store, book orders for the kids school, medical portals for doctors notes, social media accounts, photo editors, smart home devices, banking apps, shopping apps… According to research done last year by NordPass, on average people have almost 170 passwords for various accounts.
And honestly, if you’ve lived most of – or all of – your life online, that’s probably a low number for the amount of accounts you’ve created, used and then forgotten or abandoned. But all those old accounts out there, that you never deleted, are just sitting around with your data in them waiting for a breach which makes them a security risk.
In world of increasingly large data breaches, many of which are comprised of older breaches or old data that is grouped into larger and larger amounts of personal information about users, letting accounts of personally identifiable information just sit on the web in old accounts that may not have updated protections like two-factor authentication or strong passwords is a practice that puts your cybersecurity at risk. Here’s how to clean up your act, and make sure you’re set up safely going forward.
Why are old accounts a security risk?
Think about the type of information you provide when you sign up for an account: name, email address, physical address, birthdate, payment information. This is all exactly the kind of data that you find in massive data breaches – and exactly the kind of data that threat actors are looking for.
Once someone has gained access to your personal information they can use it for a variety of malicious purposes. For example, if a hacker has access to an email or social media account, they can spam your contacts with scams or launch phishing attacks using your name and account. They could even attempt to trick your contacts into installing malware.
A dormant or inactive account could hold personal information or sensitive details like photos of drivers licenses or insurance information, which could then be used to commit identity theft or fraud. If there is active financial information in an account, a threat actor could drain your funds or sell your account details.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
How to get started in cleaning up old accounts
If you know you have old accounts that you don’t use anymore, go ahead and delete them. It may sound like a hassle but it’s also the kind of thing you can do while watching 'Love Island' in the background.
If you don't know where to start looking for old accounts, a good place is to search your email inbox for common account keywords: "welcome," "thank you for signing up," "verify account," or "validate account." You can also go through your password manager to see what it has saved passwords for.
You should also check the saved password list in your browser and to see if anything there has a link to an unused account. It's easy to quickly check this list in most browsers: For Chrome go to Settings > Passwords. For Safari it's Preferences > Passwords. In Firefox go to Preferences then Privacy & Security > Saved Logins. And in Edge it's Settings > Profiles > Passwords > Saved Passwords.
Also, because some services let you easily sign in with Google, Facebook, Twitter or an Apple ID you should check the list of apps that are connected to all those accounts. Disconnecting those accounts doesn't "kill" the old account, but it will tell you what you need to delete.
Visit Have I Been Pwned? which will show you which leaks your email address has been a part of – and may remind you about a few accounts you'd forgotten about. Bonus: it will also tell you which accounts may need their passwords updated more frequently or may need to be watched more carefully because of a breach.
If you have icons on your phone, tablet or desktop for services or apps you know you don’t use any longer, log in and close the accounts then remove the apps from your device. Lastly, look into your antivirus software – some programs like Bitdefender have features that will find all accounts that you’ve made with Google and Outlook with a click.
What if you can't close an account
If you’re having trouble deleting an account, don't stress – some sites and services make that a hassle by design. Start by Googling the site or service and "delete account to see if there are any tips or shortcuts posted, or check justdelete.me which is a handy database of instructions for removing and killing accounts. If that doesn't work, try contacting the websites support or administrators.
If you simply cannot find a way to remove the account, you're still not out of luck because you can still:
- Remove any saved financial and payment information like credit card numbers.
- Remove any private data like calendar events, notes, tasks – you can always export or download anything you want to save.
- Clear personal identification details like your name, birthdate, shipping address and any other additional details that someone could use to steal your identity or commit fraud.
- Input a new fake name and a fake email - you can always pull something up from Mailinator if needs be.
- Clear out accounts of old messages, especially anything that may hold sensitive personal information like invoices with credit card details, images of drivers licenses or ID information and the like.
Lastly, as you're going through these steps, consider how easily you sign up for accounts in the future and if you could use a guest account next time. Consider getting a dedicated email account for sign ups, so you can easily check them in another few months to see what needs to be removed then.
For any accounts you don’t remove, make sure that you update your password, and have it stored it a password manager. Also consider using a passkey, or at least multi-factor authentication.
More from Tom's Guide
- Microsoft Authenticator will shut off the password autofill feature in July — here’s how to save them
- These 5 macOS settings are a security risk and you should turn them off now
- Do you really need to pay for antivirus software?









Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.