One of the earliest large-scale social media sites, MySpace, suffered a data breach that may have occurred as early as 2013 but was only discovered in 2016. The stolen information was found for sale on a black market data website and contained usernames, email addresses, and passwords to an estimated 360 million user accounts. When the announcement of the breach was made, a lot of people shared the same initial thought: “Do I still have a MySpace account?”
As funny as that may sound, it’s actually no laughing matter. The information contained in the breach could easily have compromised individuals’ current internet accounts due to the all too common practice of reusing passwords.
A lot of people actually have old accounts lying around they never use, never visit, and probably never think about, but those accounts can come back to haunt you in a data breach. This is especially true for email accounts that you may have opened some time ago and then abandoned, as those email addresses are actually still viable.
Here’s a hypothetical scenario: the MySpace information that was sold contained email addresses. If you haven’t used MySpace in years, the email address you provided when you opened that account might not be your primary email address anymore, but it’s still in working order. A hacker uses your MySpace email address, hacks into it, and then starts locating other old accounts on the web that use that same email address as the login. They change your password on those other sites by clicking “forgot my password” and following the link that is emailed to your old address, and then they control those accounts.
It’s also possible that there’s enough user information in your old email account or MySpace account to “mask” your identity and use it elsewhere. The hacker can use your entire pieced-together identity to establish new accounts online and assume your internet identity.
Finally, if your old email address that you never check is your “backup” or recovery email for accounts you do still use, like your current email address, they can click “forgot my password” and have the reset link sent to your “recovery” email address, which they’ve already gained access to. After that link shows up in your long-forgotten email inbox, they now control your current email account, and therefore all of the current internet accounts that rely on that user address, like Facebook, Amazon, PayPal, and more.
If you have outdated accounts lying around, now is the time to clean house. Log into each account and go into the settings, then delete or deactivate the account. This same advice is true for apps you no longer use, as they too contain personal details that could be stolen in a data breach or hacking event. By clearing out the virtual cobwebs, you’ll leave less of a trace for hackers and shut down some of the avenues to your current data.
If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.