Zombie accounts can come back and really bite you. Do you have zombie accounts? Do you know what they are? Simply put, Zombie accounts can kill your practice. They are old online accounts that you never use, never think about, and never deleted. Everyone has them. You want to read a news article so you sign up for an account, read the article and never give it a second thought. How about a professional service or a retail location? Have you ever ordered once from somewhere for that special occasion? You very well could have added PII, like financial data, credit card data, etc. that can easily come back to get you.

Do You Have Zombie Accounts?

The problem with some of these zombie account is that you may have done it 10 years ago or longer. At that time, you may not have had the most secure password. Of course you can’t remember every site you logged in or signed up for, but chances are you have quite a few Zombie accounts that you would like to address.

Every day there are, thousands of lists that contain user credentials like email and password combinations are sold in Dark Web data markets or added to Dark Web data dumps. Complete user records stolen in past cyberattacks or scooped out of old databases are also regularly added to Dark Web sources. In 2020 hackers dropped more than 22 million records on the Dark Web. Many of those user records have been collected from sources that are no longer in business, but you may have had a password-protected account there. According to a recent survey, the average person has over 10 old password-protected zombie accounts, and 30 percent have “too many to count.”

If you think that because you’ve stopped using an account or haven’t updated your information in a long time, doesn’t mean those accounts don’t pose the same third party risk as active accounts. These zombie accounts are jackpots for cybercriminals. Old accounts provide bad actors with ammunition like an executive’s personal details to create a well-crafted spear phishing message as part of a business email compromise attack or forgotten credentials from an old shopping account that your staffer has reused, opening you up to risk for credential stuffing attacks.

One important danger of zombie accounts is the risk of password compromise created by their poor password habits. Password reuse and recycling are endemic — 91 percent of participants in a recent survey understood the risk of password reuse but 59 percent admitted to doing it anyway. Often, those passwords weren’t strong to begin with, and many folks simply change a character or two between their passwords as they use them for different accounts — or they’re part of the 13 percent of people who use a single password on every account and device that they use. I personally have hundreds of accounts. If I used a different password for each one, how would I know? Simple, use a password vault like Dashlane or Lastpass. Having a secure vault will take away the need to remember all your passwords. Plus, you can log into them and either delete the zombie accounts or change the passwords on them to something very secure.

You want to make sure your practice is protected from zombie accounts. You may have some that old employees used. Contact Tier3MD for a dark web scan to assist you with finding out if your credentials are out on the dark web. It’s easy and cheap to check.