You have probably signed up for many online services that you no longer use. Most of those accounts probably still exist, and they likely contain a combination of your personal information, identity information, and credit card numbers. Don̵
Why You Should Close Those Old Accounts
We live in a time when data breaches are common.
What happens if a service is breached and all the personal data you uploaded to it leaks? What happens if a developer goes rogue and misuses stored credit card numbers, spam you, or sell their service to a company that will?
If you reuse passwords, a password leak on one site means that attackers can gain access to your accounts on other sites. Even assuming you won’t be reusing passwords, the personal information associated with your old, unused account can still give attackers answers to your security questions on other websites.
To protect your privacy, it is a smart idea to delete your private information from services you no longer use. You can do this by closing those legacy accounts instead of leaving them inactive.
RELATED: How to check if your password has been stolen
How to Find Your Old Accounts
Step one is to find those old accounts. Here are some tips that can help you find them:
- Check your password manager: If you use a password manager to keep track of all your login information, your password manager will essentially be a database of all the accounts you have opened. Even if you use your browser’s built-in password manager, it can remember many of your accounts. View the list of saved logins for accounts you no longer use.
- Find your email: If you search your email for ‘welcome’, ‘verify’, ‘your account’, ‘free trial’ and similar phrases found in the ‘welcome’ emails that many services send, you may discover quite a few old accounts you’ve forgotten.
- Check Facebook, Google or Twitter: Many services allow you to “sign in” with Facebook, Google, and Twitter accounts to create an account. If you have used this feature, please check your list of apps associated with your account. Please note that you cannot simply “disconnect” to delete your data. This will not cause the other service to actually delete your account.
- Visit Have I Been Pwned?: This service shows you which leaks your email address was used for. It might remind you of some old accounts, and show you which publicly available leaks already contain your data.
RELATED: Secure your online accounts by removing access to third-party apps
How to Delete Your Old Accounts
Now you have one or more accounts that you want to delete. Deleting the account (s) should be the easy part, but unfortunately it often isn’t.
Here are some tips on how to actually delete an account:
- Search for the name of the website or service and “delete account” using a web search engine such as Google or DuckDuckGo.
- Check JustDelete.me, which provides a handy database with instructions on how to delete a wide variety of online accounts.
- Contact support on the website and request that the account be deleted.
In some cases, you try to log in to an account and you find that the service automatically deleted your old account due to inactivity, or the service may no longer exist.
Unfortunately, some services do not provide a way to delete your old accounts.
RELATED: What is DuckDuckGo? Meet the Google alternative to privacy
What if you cannot delete an account?
If you can’t delete an account, there are things you can do to protect your private information. Log in to the account and follow these tips:
- Delete any saved financial and payment information, such as saved credit card numbers that make it easy for anyone with access to the account to make purchases.
- Delete any private data you have saved in the app. For example, if you have an old account in a notes app, to-do app, or calendar service, you’ll want to delete those old notes, tasks, and calendar events. (Don’t forget to export and download anything you want to keep before deleting it.)
- Delete saved personal identification information such as your name, date of birth, shipping address and other details in the account settings.
Removing all possible personal information from the account will prevent attackers from obtaining much information in the event of a breach.
Try to anonymize accounts that you cannot delete
If an account is empty of all your other personal information, consider “anonymizing” the account by changing the email address and other personal information to something random and meaningless.
For example, maybe you have an account called “Sarah” and the email address firstname.lastname@example.org. You could change the name to “Jake” along with a meaningless email address – perhaps something from an anonymous email service like Mailinator.
Now, instead of an empty account associated with your name and email address, there is simply an empty account associated with a fake name and email address.
Think what would happen if the website’s user database were leaked: attackers would simply get a fake name, a fake email address, a fake birthday, and so on. That is all useless information.
Assuming you’ve erased all of your other personal information, this could be almost as good as deleting the account. Sometimes it’s all you can do.
Think twice before signing up in the future
We’ll be honest: once you really try to delete those accounts, it’s surprising how many are difficult or impossible to delete. If you’ve been online for a few decades, it’s very possible you have hundreds of old accounts that you never use again these days.
Consider being more selective about which accounts you create in the future. In the future, before signing up for an account, you may want to consider whether it’s worth it. Do you really want to give that service your data?
Even if you only sign up for half the number of accounts in the future, that will reduce the “attack surface” of your privacy – there are fewer sources that could put your personal information at risk.