How many online accounts have you created over the years? Think about it — every shopping site, social media platform, forum, dating app, gaming service, email provider, and random website that required a signup. The average person has over 100 online accounts. Most of us have forgotten about the majority of them.
Those forgotten old accounts are privacy time bombs. Each one holds your personal information — email, password, phone number, address, payment details — sitting in databases that could be breached at any time. And when a company you forgot about gets hacked, your information gets leaked alongside everyone else’s.
This guide shows you how to find your forgotten accounts, delete them, and reduce your attack surface.
In this guide:
- Why old accounts are a privacy risk
- How to find accounts you’ve forgotten about
- How to delete old accounts
- What to do when you can’t delete an account
- How to prevent account sprawl going forward
While you’re cleaning up: Old accounts aren’t the only source of your data exposure. Data brokers independently collect and publish your personal information on hundreds of sites. Run a free Optery scan to see what’s exposed beyond your old accounts.
Why Old Accounts Are a Privacy Risk
Every old account you’ve forgotten about is a liability. Here’s why:
Data breaches target everyone. When a company gets hacked, every account in their database is exposed — active or not. That MySpace account from 2008? It was part of a breach that exposed 360 million accounts. The LinkedIn account you stopped using in 2015? Breached — 164 million accounts exposed. If your email and password are still in these databases, they’re now available to criminals.
Password reuse compounds the damage. If you used the same password on an old account as you use on current accounts, a breach of the old account gives criminals access to your current ones. Check if your email has been in a breach →
Old accounts feed data brokers. The personal information in your old accounts — your name, email, phone number, address — eventually flows into data broker databases. Every account is another data point that makes your broker profile more complete.
Your information stays indefinitely. Most companies don’t delete your data when you stop using their service. Unless you actively delete the account, your information sits in their database forever — waiting for a breach.
Each account expands your attack surface. In cybersecurity, your “attack surface” is the total number of potential entry points a criminal can exploit. Every old account is another entry point. Fewer accounts = smaller attack surface = better security.
How to Find Accounts You’ve Forgotten About
Finding all your old accounts is the hardest part. Here are the best methods:
Method 1: Search Your Email
Open your email and search for these terms:
- “Welcome to” — catches signup confirmation emails
- “Verify your email” — catches account verification emails
- “Your account” — catches account-related notifications
- “Unsubscribe” — catches newsletters and marketing emails from services you’ve signed up for
- “Your order” or “order confirmation” — catches shopping accounts
Scroll through the results. You’ll be surprised how many accounts you’ve forgotten about. Make a list of every service you find.
Method 2: Check Your Password Manager or Browser
If you use a password manager or your browser saves passwords, check the full list of saved credentials:
Chrome: Go to passwords.google.com to see every password Chrome has saved
Safari: Settings → Passwords
Firefox: Settings → Privacy & Security → Saved Logins
This gives you a comprehensive list of sites you’ve created accounts on — many of which you’ll have completely forgotten.
Method 3: Check “Sign in with Google/Facebook/Apple”
If you’ve used social login to create accounts, check which apps have access:
Google: myaccount.google.com/permissions — shows every app with access to your Google account
Facebook: Settings → Apps and Websites — shows apps connected to your Facebook
Apple: Settings → Apple ID → Password & Security → Apps Using Apple ID
Revoke access for anything you don’t actively use, then go delete those accounts entirely.
Method 4: Use Have I Been Pwned
Check haveibeenpwned.com with your email. It shows which breached services had your email in their database — which also tells you which services you had accounts with, including ones you’ve forgotten.
Method 5: Google Yourself
Google yourself and look for old profiles, forum posts, and accounts that appear in search results. Old social media profiles, dating profiles, forum accounts, and blog posts may still be indexed.
How to Delete Old Accounts
Once you’ve found your old accounts, here’s how to delete them:
Step 1: Try to log in. Use your email and any passwords you might have used. If you can’t remember, use the “Forgot password” function to reset it.
Step 2: Find the account deletion option. Look in Settings → Account → Privacy for options like “Delete account,” “Close account,” or “Deactivate.” It’s usually buried in the settings — companies don’t make it easy to leave.
Step 3: Check JustDeleteMe. If you can’t find the deletion option, visit justdeleteme.xyz — it’s a directory of direct links to account deletion pages for hundreds of services. It also rates how difficult each service makes the deletion process.
Step 4: Remove personal information first. Before deleting, change your account name to something random, remove your phone number and address, and replace your profile photo. Some services retain data even after “deletion” — scrubbing your info first provides an extra layer of protection.
Step 5: Delete the account. Follow the deletion process. Some services require email confirmation, a waiting period (often 14-30 days), or contacting customer support.
Step 6: Remove saved passwords. After deleting the account, remove the saved credentials from your browser and password manager. This keeps your records clean.
What to Do When You Can’t Delete an Account
Some services make account deletion extremely difficult or impossible. When that happens:
Scrub your data. Log in and remove as much personal information as possible — change your name to random characters, delete your phone number, remove your address, replace your email with a throwaway email.
Change your password to something random. Use your password manager to generate a long random password. This prevents anyone from accessing the account even if the service is breached — and prevents you from accidentally using that password elsewhere.
Revoke app connections. If the account is connected to Google, Facebook, or Apple sign-in, revoke access from the identity provider’s side.
Contact support. If no self-service deletion exists, email the company’s support or privacy team and request account deletion. In states with privacy laws, reference the applicable law (e.g., CCPA) for legal weight.
Submit a GDPR or CCPA deletion request. If you’re in California or the EU, submit a formal data deletion request. Companies are legally required to comply with these requests, even for old accounts.
How to Prevent Account Sprawl Going Forward
After cleaning up your old accounts, prevent the problem from happening again:
Use a password manager. A password manager tracks every account you create, making it impossible to “forget” about them. Bitwarden is free and works on every device.
Think before signing up. Before creating a new account, ask: “Do I really need an account, or can I check out as a guest?” Every account you don’t create is one less data point in the system.
Use secondary contact information. Use a Google Voice number and secondary email for non-essential signups. If the service gets breached, your primary email and phone number stay clean.
Do a quarterly cleanup. Set a calendar reminder every 3 months to review and delete accounts you no longer use. The longer you wait, the more accounts accumulate.
Use “Sign in with Apple” when available. Apple’s sign-in feature creates a unique relay email for each service, hiding your real email. If you stop using the service, simply revoke access — no account deletion needed because they never had your real email.
Account Cleanup + Data Broker Removal = Complete Privacy
Deleting old accounts reduces your future risk from data breaches. But it doesn’t remove the personal information that’s already been collected and published by data brokers. For that, you need data broker removal:
Optery — Our top recommendation. Free scan to see your exposure on data broker sites. Paid plans ($39-$249/year) automate removal from 350+ sites. Read our full Optery review →
Incogni — Best budget option. Covers 180+ data brokers for $6.49/month billed annually. Read our full Incogni review →
Old accounts are the past. Data broker profiles are the present. Clean up both.
Your Account Cleanup Checklist
- Search your email for “welcome to,” “verify your email,” and “your account” to find forgotten accounts
- Check saved passwords in your browser and password manager
- Review social login connections (Google, Facebook, Apple)
- Check Have I Been Pwned to find breached services you had accounts with
- Delete accounts you no longer use — use justdeleteme.xyz for direct deletion links
- Scrub data from accounts you can’t delete
- Run a free Optery scan to see what data brokers have on you independently
- Set up a password manager to track all accounts going forward
Every account you delete is one less database holding your personal information. One less breach waiting to happen. One less attack vector for criminals. Start deleting.
Frequently Asked Questions
Why should I delete old online accounts?
Old accounts hold your personal information in databases that can be breached. Even accounts you haven’t used in years contain your email, passwords, and possibly phone number and address. Deleting them reduces your exposure to future breaches and identity theft.
How do I find accounts I’ve forgotten about?
Search your email for “welcome to” and “verify your email.” Check saved passwords in your browser and password manager. Review apps connected to your Google, Facebook, and Apple accounts. Check haveibeenpwned.com for breached services that had your email.
What if I can’t delete an account?
Remove as much personal information as possible, change the password to something random, and revoke any social login connections. If you’re in California or the EU, submit a formal data deletion request under CCPA or GDPR. Check your state’s privacy rights.
Does deleting old accounts remove my data from data brokers?
No. Data brokers collect information independently from public records, social media, and other sources. Deleting old accounts reduces future breach exposure, but you still need to remove existing data broker listings using Optery or Incogni.
How many online accounts does the average person have?
The average person has over 100 online accounts, including shopping sites, social media, email providers, forums, apps, and services they’ve signed up for over the years. Most people have forgotten about the majority of them.
Will deleting old accounts stop spam emails?
It can help reduce spam from specific services, but your email address is already on spam lists from data breaches and data broker sales. For comprehensive spam reduction, combine account cleanup with data broker removal and a secondary email for future signups.
This post contains affiliate links. If you purchase through our links, we may earn a commission at no extra cost to you. See our affiliate disclosure for details.