Consumers who leave old online accounts open are putting themselves at risk, and they likely don't even know it.

The reason? It's "zombie accounts." These are personal online accounts that are dormant or old that cyber thieves "re-open" in an effort to pilfer critical user data like Social Security accounts, financial accounts, home addresses, phone numbers, passwords and email addresses.

Zombie accounts triggered headlines in 2016 when the Myspace social network was breached, with usernames, passwords and addresses from an older version of Myspace cracked open by cyber-criminals. Myspace has suffered in popularity in recent years, but an estimated 360 million users still had accounts on the social media platform and likely didn't realize their data was vulnerable or that it was breached.

Once Myspace was breached, cyber thieves could then conduct phishing campaigns online using the email addresses and passwords they uncovered during the breach, leading to the loss of more critical data, like credit card and Social Security numbers.

"Because of password reuse, not only are the accounts that were compromised at risk, but other accounts that have not been breached that aren't zombies are extremely vulnerable," says Robert Siciliano, CEO at IDTheftSecurity.com. "Many of those breaches start with usernames, passwords, and email addresses. To fight back, online consumers should be using two-factor authentication, which must be deployed immediately."

The biggest risks and vulnerabilities with zombie accounts are two-fold, says Justin Lavelle, chief communications officer at BeenVerified.com

"First, accounts that spring back to life without your knowledge can subject you to overdraft fees and maintenance fees," Lavelle says. "The example that is used most is the closed account that is reopened by the bank because of a small deposit that hits the account - sometimes from the bank, itself."

"The deposit triggers the account to reopen and then, especially if the account has a minimum deposit limit, may start charging monthly maintenance fees against that balance, which can deplete the balance and create a negative balance and overdraft fees," he explains.

Lavelle says it's "essential" that if you receive statements on accounts that you closed, you don't just discard the statement. "Instead, look at it and make sure a zombie account isn't wrecking your life," he says.

Additionally, zombie accounts have all of your information and you may not be monitoring the account because you think it is closed, Lavelle notes. "These accounts are more vulnerable to identity theft because of the lack of monitoring on the part of consumers. "Zombie accounts are also susceptible to phantom attacks which are accounts that are opened "fraudulently" in your name," he adds.

How to kill off zombie accounts? It's not always easy, Lavelle says.

"Make sure that you read all the fine print of your bank's account agreement," he notes. "A lot of banks still have language that they can and will reopen an account if it is hit with a deposit or charge. This means that it is your responsibility to cancel all auto payments and make sure that direct deposits are canceled."

"Even taking that step may not end the problem, because there may be amounts that the bank or some other unknown entity directs to that account, thus triggering the reopening of the account," Lavelle adds.

Lavelle says there are bank services like ChexSystems that act much like credit reporting agencies and monitor and track your bank accounts' activity. "Yes, it is another agency that you need to think about monitoring," he notes. "However, this service can alert you if some action takes place on an account you have long ago closed and forgotten about."


The more online accounts that you have that contain sensitive personal information, the more likely you are to become a victim of identity theft, says April Lewis-Parks, director of education at Consolidated Credit Counseling in West Palm Beach, Fla.

"Each account is an opportunity for cyber-thieves to steal your personal information if that website is ever hacked," Lewis-Parks states. "The trouble with zombie accounts is that you may hear about a hack or data breach and assume you're fine, because you believe that you closed your account. However, if the account was reopened by the provider without your knowledge, you could still be at risk."

Lewis-Parks says online consumers need to be diligent about closing any online accounts that they no longer use. "Make sure to check with the service provider to get instructions on how to close your account correctly," she advises. "But even so, if you hear about a breach on a service you used to use, you may want to double check with the customer service department to make sure your account was closed and that your information is not at risk."

Another way to minimize the risk of identity theft from zombie online accounts is to use unique passwords for every account. "People often reuse passwords or share them between accounts because it's easier to remember the credentials," Lewis-Parks notes. "However, this creates a higher risk of zombie account identity theft. If a cyber thief gets the password to an old account, they can use it to gain access to other active accounts that you have that shared the same password. If all your passwords are unique, you don't have to worry about that happening."

Don't let zombie accounts trigger a big scare in your life. Take the tips above, and slay those zombies, once and for all.

More of What's Trending on TheStreet:

More from Debt Management

What Is a Fiduciary and What Are Their Responsibilities?

What Is a Fiduciary and What Are Their Responsibilities?

How to Save Money: Daily, Weekly and Lifelong Habits

How to Save Money: Daily, Weekly and Lifelong Habits

How to Prevent Debt From Destroying Your Retirement

How to Prevent Debt From Destroying Your Retirement

How Long Does It Take for a Check to Clear?

How Long Does It Take for a Check to Clear?

How to Write a Check: Six Steps With Examples

How to Write a Check: Six Steps With Examples