Most people have accounts on dozens of services they no longer use. Those accounts sit dormant, holding old data, with old passwords, and no 2FA — a low-priority target that’s easy to compromise. Here’s how to find them and close them out properly.
Why old accounts are a security problem
Every account you own is a potential entry point. Old accounts are particularly risky because they tend to have weak passwords from before you started using a password manager, no two-factor authentication (it wasn’t standard when many were created), and stored data you’ve forgotten about — addresses, payment info, personal messages.
When those services get breached — and they do, constantly — those old credentials get added to breach databases and used in credential stuffing attacks against your active accounts. An account you haven’t thought about in five years can still cause real damage.
How to find old accounts
Search your email. The most reliable method. In Gmail or Outlook, search for “welcome to,” “verify your email,” “confirm your account,” or “account created.” Sort by oldest first. This surfaces accounts going back years that you’ve forgotten about. Make a list.
Check your password manager. If you’ve been using one for a few years, it has a record of sites you’ve visited and saved credentials for. Review the full list — anything you don’t recognize is a candidate for deletion.
Use JustDeleteMe.com. This site rates how difficult it is to delete your account from hundreds of popular services. If you’re trying to close an account on a specific site and aren’t sure how, search there first — it links directly to the account deletion page when one exists.
The right order to close accounts
Don’t just delete the app. App deletion doesn’t close the account or remove your data from the company’s servers. You need to find the account deletion option within the service itself.
Before deleting: check for any payment method stored on the account and remove it first. Check for any content you want to export — some services let you download your data before leaving. Then find the account deletion option (usually in settings under Privacy, Account, or Security) and delete.
Some services make deletion difficult — they’ll offer “deactivation” instead, which hides the account but keeps the data. Look specifically for “delete” rather than “deactivate” or “close.” If a service won’t let you delete, you can submit a data deletion request under GDPR (if you’re in Europe or the service has European users) or CCPA (if you’re in California). Most major services honor these globally.
Prioritize by risk level
You probably can’t close every old account in one sitting. Prioritize by what’s at stake. High priority: any account with a stored payment method, your old primary email account, social media accounts with personal information, and accounts on sites that have had known data breaches. Lower priority: forum accounts, one-off sign-ups, newsletters.
The goal isn’t perfection — it’s systematically reducing the number of places your data sits. Even closing 20% of old accounts meaningfully shrinks your attack surface.
For accounts you can’t delete
Some services won’t let you fully delete your account. The next best option: change the email to a throwaway address, change the password to a long random string you don’t store anywhere, remove any personal information you can, and revoke any connected app permissions. The account still exists but is effectively disconnected from you.
The bottom line
Set aside an hour. Search your email for old account confirmation messages, make a list, and start closing the highest-risk ones first. Use JustDeleteMe.com when you’re not sure how to delete from a specific service. Fewer accounts means fewer breach notifications, fewer passwords to manage, and less data sitting in places you’ve forgotten about.