You’ve probably signed up for a lot of online services that you no longer use. Most of those accounts probably still exist, and they likely contain a mix of your personal data, identity details, and credit card numbers. Don’t leave juicy targets lying around for attackers.
We live in an age when data breaches are common.
What happens if a service is breached and leaks all the personal data you’ve uploaded to it? What happens if a developer goes rogue and abuses saved credit card numbers, spams you, or sells their service to a company that will?
If you reuse passwords, a password leak at one site means that attackers can get access to your accounts at other sites. Even assuming that you don’t reuse passwords, the personal data associated with your old, unused account could still give attackers answers to your security questions on other websites.
To protect your privacy, it’s a smart idea to remove your private data from services you no longer use. You can do this by closing those outdated accounts rather than leaving them dormant.
Step one is finding those old accounts. Here are several tips that can help you find them:
- Look in Your Password Manager: If you use a password manager to keep track of all your login details, your password manager will effectively be a database of all the accounts you have open. Even if you use your browser’s built-in password manager, it may remember many of your accounts. Look through the list of saved logins for accounts you no longer use.
- Search Your Email: If you search your email for “welcome,” “verify,” “your account,” “free trial,” and similar phrases found in the “Welcome” emails that many services send, you might discover quite a few old accounts you’ve forgotten about.
- Check Facebook, Google, or Twitter: Many services let you “sign in” with Facebook, Google, and Twitter accounts to create an account. If you’ve used this feature, check your list of apps connected to your account. Bear in mind that you can’t just “disconnect” the connection to clear your data. This won’t make the other service actually delete your account.
- Visit Have I Been Pwned?: This service shows you which leaks your email address has been a part of. It might remind you of some old accounts—and it’ll show you which publicly available leaks have already contained your data.
Now you’ve got one or more accounts you want to delete. Actually deleting the account(s) should be the easy part—but unfortunately, it often isn’t.
Here are some tips for finding out how to actually delete an account:
- Search for the name of the website or service and “delete account” using a web search engine like Google or DuckDuckGo.
- Check JustDelete.me, which offers a convenient database with instructions for deleting a wide variety of online accounts.
- Contact the website’s support and ask to delete the account.
In some cases, you might try to sign in to an account and notice that the service automatically deleted your old account for inactivity—or the service may no longer exist.
Unfortunately, some services provide no way to delete your old accounts.
If you can’t delete an account, there are things you can do to protect your private data. Sign in to the account and follow these tips:
- Remove any saved financial and payment information, such as saved credit card numbers that make it easy for anyone with access to the account to make purchases.
- Delete any private data you have stored in the app. For example, if you have an old account in a note-taking app, to-do app, or calendar service, you’ll want to delete those old notes, tasks, and calendar events. (Remember to export and download anything you want to keep before deleting it.)
- Clear saved personal identification details like your name, birthday, shipping address, and other details in the account’s settings.
If you remove all the personal data you can from the account, attackers won’t be able to get much data in a breach.
After an account is empty of all your other personal information, consider “anonymizing” the account by changing the email address and other personal information to something random and meaningless.
For example, perhaps you have an account with the name “Sarah” and the email address [email protected] You could change the name to “Jake” along with a meaningless email address—perhaps something drawn from an anonymous email service like Mailinator.
Now, instead of an empty account tied to your name and email address, there’s just an empty account tied to a fake name and email address.
Just think of what would happen if the website’s user database leaked: Attackers would just get a fake name, a fake email address, a fake birthday, and so on. That’s all useless information.
Assuming you’ve erased all your other personal details, this can be almost as good as deleting the account. Sometimes, it’s all you can do.
We’ll be honest: Once you start really trying to delete those accounts, it’s surprising how many are difficult or impossible to delete. If you’ve been online for a few decades, it’s very possible you have hundreds of old accounts that you never use these days.
Consider being more selective about what accounts you create in the future. In the future, before you sign up for an account, you might want to consider whether it’s actually worth the trouble. Do you really want to give that service your data?
Even if you just sign up for half as many accounts going forward, that will reduce your privacy “attack surface”—there are fewer sources through which your personal information could be compromised.