Think you know your digital footprint? Think again. The web is littered with your forgotten accounts and they're a hackers dream. Here's what you can do.
By Paul Newton
This week a colleague showed me a useful website called haveibeenpwned.com. The site allows you to check if one of your online accounts has ever been compromised in a data breach. I entered my email address and, unknown to me, one had. Details of my long forgotten last.fm account had been exposed in a hack in 2012. That’s my email address, password, username and my questionable taste in music, out in the open.
Whilst my last.fm account wouldn't have contained much personal information, it did get me thinking. How many other accounts have I signed up to over the years and since forgotten about? Those working in digital might be familiar with this, always wanting to try out the latest app, and maybe not keeping track of them.
So as a bit of fun (#YOLO) I grabbed a piece of paper and pen and jotted down all of my social media and website accounts that came to mind – all the obvious ones. That came to around 20.
More accounts started to come back to me. I signed up to ‘Super’ a year ago to test it out, that account still exists. And ‘Meerkat’, which I maybe used once. I definitely have an unused ‘Pokemon Go’ account linked to my gmail, and I think I’d signed up to ‘Beme’ last year too. Further back, I remember using ‘Friends Reunited’, and I don’t remember deactivating that account (the network actually closed down this year) and the one and only ‘MySpace’!
The list of active and ‘forgotten’ accounts grew to over 40.
I won't tell you how long the list of all of my current active accounts is (it's pretty long), but I’ve concluded that I have around 25 accounts I no longer use or need. So not loads, but for some of them I'm certain I would have used the same password as the compromised last.fm one (I had a lazy password habit back in the day).
Does this all really matter? Well, I think it does. Some of my lost accounts will hold personal information which I should have really done a better job of looking after. And managing online profiles carefully, storing memories safely online, and understanding your data rights has never been more important. I’d recommend spending a few minutes tracking down and deleting some of those old, unused social media profiles, if only for the fun of the chase! Entering you email on suspected sites and clicking forgot password is the best way to get back in. Oh, and whilst you're at it, revoke some of those old apps you have connected to your Twitter and Facebook.
I’ve deactivated 9 accounts so far, more to go. But it’s surprising (or maybe unsurprising) how difficult it is to deactivate some accounts - some sites require a support ticket and ask for a reason. It's as if they don't want you to leave and want to hold onto your data!
As a final note, here are the top 100 Adobe passwords following a breach in 2013 – yes, that's almost 2 million people who use 123456 as their password!
But you'd never do that, would you!?
Paul Newton is digital communications manager at Keele University.
Picture credit: Documerica / Flickr