Why You Need To Delete Your Old Accounts

ttt-logoMost people let old accounts languish. But abandoned accounts are filled with information that can be used to send spam, spread malvertising, and commit cybercrimes.

For example, I frequently get email messages from people I know, but haven’t talked to in a while. Invariably the email subject is blank or says nothing but, “Re:”. Sometimes the email includes a suspicious attachment. And I sigh and delete the message, because I know these unused accounts have been hijacked from their unsuspecting owners and are now controlled by hackers.

But hijacked accounts go beyond mere annoyance. They are often used to hack other, juicier targets, making it more difficult for such electronic attacks to be traced back to the perpetrator. They can also be used in online financial scams, such as the “I’m stuck overseas and need you to wire me money” scam. Such scams appear far more realistic when they come from a seemingly-legitimate source like a friend’s email address rather than some random account, and many people fall for the trick.

Hijacked accounts can also be used to hijack other accounts like Facebook, Twitter, or even your bank account, if it’s been linked to them. It’s like a stepping stone to the rest of your stuff.

For these reasons, you should always delete old accounts if you are no longer using them. If you’re concerned that someone will take your old username, I recommend maintaining your old accounts by logging into them every few months and using strong passwords that have not been used on any other site.

You will need your username and password for the account you wish to delete. If you don’t have it, you typically need to follow the site’s procedures to recover a forgotten password before you can continue the deletion or deactivation process. Don’t forget to remove the deleted address from other accounts if it’s been linked to them, such as an old email address linked to your Facebook account.

You should note, however, that just because a site claims your account has been deleted, it may not necessarily have been. Many sites retain old accounts in case you want to reactivate them later. Also, your data may not be deleted even if you request it. Over the years any information you’ve stored online has doubtless been copied to untold backups and mirror servers. In reality, once your data is on the Internet, it’s out there forever. But at least by deactivating or deleting your accounts, you can help keep them (and the data they contain) from being used for nefarious purposes.

Here’s how to delete or deactivate your accounts on a variety of popular sites, old and new.


How To Delete Your Old Email Accounts

Did you know your old email account may be spewing spam and malware? In today’s The Northwest Herald I talk about the importance of deleting old accounts:

It happens all the time. You move to a new email address but leave the old one intact; you set up a Yahoo! or Gmail account but never get around to using it. We assume these accounts wait patiently for us. On the contrary, they cower, helpless, waiting for the first hacker who can figure out the passwords.

Unfortunately many people use weak passwords, especially for throwaway accounts. We’ve seen examples of this with a rash of recent security breaches at Yahoo!, LinkedIn, and eHarmony, among others.

These breaches reveal that many people use simple, plain-text phrases like “linkedin”, “mypassword”, and “123456”. People also use the same two or three passwords in rotation. What are the chances some old account of yours uses a password you’ve reused elsewhere?

Here are the additional resources I mentioned in the article. You might find these related Tech Tips articles helpful:

Here are links from some of the more common email providers about how to delete accounts. Note that these links may change without notice, and that account deletion policies vary by provider. Consult the individual site for more information. I’m providing the exact URLs so you can see where you’re going.

And, some social media ones:

Image: FreeDigitalPhotos.net

Happy Password Change Day: Gmail, AOL, Comcast, Yahoo! Accounts Also Breached

Apparently the phishing scam that netted usernames and passwords for thousands of Hotmail accounts was wider than previously thought. The latest news indicates that Gmail, AOL, Comcast, and Yahoo! users, among others, may also be affected.

My advice to everyone is to make today Password Change Day. Get out there and change the passwords for all of your accounts. Use a combination of numbers, letters and symbols (where allowed) and be sure to use a different password on every system. Again, you can follow my password tip sheet (PDF) for guidelines on creating strong passwords.

I am often asked, “what does it matter?” accompanied by the protestation, “I don’t have anything important in my email anyway.” I would like to respond that you should care if:

  • You want to avoid identity theft. Many people use the same password or set of passwords for all systems. If someone gains access to your email password, even an old one, they will try to use it to get into your other, juicier accounts, like your bank. And they will probably succeed.
  • You hate viruses. Most viruses are distributed through compromised computers (called zombies).
  • You hate spam. Most spam is sent from compromised computers. Your email address book is a gold mine for spammers because it’s a list of guaranteed good email addresses.
  • You want your computer to work properly. Nothing slows a computer down like being zombied (see above).
  • You don’t want someone else surfing the Internet on your dime. If you use an email account from your Internet provider, the same password is used both for email and to authenticate you to your provider’s network. If you use a common dictionary word without symbols as the password–shazam! instant access.
  • You don’t want to go to jail for someone else’s crimes. Take the above scenario and imagine that the person who’s hijacked your Internet account is dealing in pirated software or child pornography. Unless you can prove it wasn’t you (and that may be difficult), you could be held liable. People committing crimes on the Internet use other people’s accounts for exactly this reason.

Although some people advocate that you not write your passwords down, I say it’s okay as long as you keep the written record somewhere secure, like a locked drawer or safe. (NOT on a sticky note on your monitor or under the keyboard, please!) Excel spreadsheets and other computerized means of tracking passwords are not good ideas, because the first thing a virus will do is check for convenient lists of the rest of your passwords. You might as well hand out your passwords on your business cards. And no, password-protecting the spreadsheet doesn’t work either; those are cake to crack. Properly encrypted password managers do work, but I favor the old-fashioned paper approach, as long as it’s kept out of sight.

It really isn’t that difficult to maintain different passwords on every system. I’ve done it for decades. If we would all follow the basic, simple practice of secure password management, we could cut down on the viruses, spam and other problems that plague us all.

You should also be aware of the kinds of scams that caused these breaches in the first place. Try the SonicWall Phishing Quiz to test your skills on identifying phishing attempts, when a hacker emulates the login page of a site to con you into entering your username and password.

Subscribe FREE to the email version of Tech Tips between now and October 14, 2009 and I’ll send your special gift: a tip sheet on Computer Housekeeping for PC and Mac.

Is AOL Censoring Blogspot Links?

This is why I started Triona’s Tech Tips – because there are murky things going on in the computer world that consumers have no way of detecting. Today it’s your Internet service providers, who are once again doing things without telling their subscribers.

In starting this blog, I naturally added its address to my email signature:


In the course of checking my Monday morning mail, I sent a reply to a client with whom I’ve worked for years. Imagine my surprise at the following bounce message:

PERM_FAILURE: Rejected by the recipient domain. The error that the other server returned was:
554 554-: (HVU:B1)http://postmaster.info.aol.com/errors/554hvub1.html

I recognized the error because it’s an unusual one, and because I’d just seen it over the weekend when sending a non-work-related email. I immediately recognized the commonalities: both emails were addressed to AOL users, and happened to have links to Blogspot blogs.

A little web sleuthing came up with this:

It appears AOL has decided, without telling its users, that it’s no longer going to accept email messages that happen to contain Blogspot links. And Blogspot happens to be owned by Google.

This is a horrible precident, one that echoes the arguments in favor of net neutrality. If it’s okay for an Internet provider to decide which links it will allow in email, what’s to stop them from, say, refusing all emails from non-affiliated providers? Imagine if your cell phone company decided you couldn’t receive calls from another company’s customers!

This isn’t going to provide computer security for AOL users, as the error message implies. It’s going to send those users – who are already plenty ticked about their degrading service, especially dial-up – straight into the arms of some other provider.

If you’re an AOL user and suddenly not receiving some emails, this may be part of your answer. And if you are emailing AOL users, you’ll have to break up the “blogspot” address, like this:

b l o g s p o t . c o m

Otherwise your message may never reach your recipient, and you may never know why.