Most accounts a person has held over the years are no longer used and have been forgotten. An old email address, an old forum, a marketplace from years ago, a service that has since been bought by someone else. The forgotten ones are often the most exposed.
The reason is that they were set up with passwords that you would not now consider strong, on services whose security has since been compromised, and with a recovery setup that is no longer current. The password has been in a breach. The recovery email is one you no longer control. Anyone who wanted to could take the account and you would not know.
Some of these accounts contain little. Others contain more than you remember: messages from a former employer, photos from a former relationship, documents you uploaded at the time and forgot. A forgotten account that contains real information is a useful starting point for someone trying to build a picture of you.
Finding old accounts takes time. Go through old email archives for sign-up confirmations. Search your name on services you might once have used. Check the password manager, old phone backups, bookmarks from a previous browser. Each account found is either closed properly, with the data removed, or brought up to current standards.
·
The desk does this kind of cleanup as part of an initial engagement and watches for new old accounts to surface from breaches as they are reported.
More from the desk
Why the desk keeps its detection systems private
Foreign property and the local register that records it
The trail of a foundation grant
Online payment platforms and the trail they leave
How the desk uses the team and the systems together
What a holding structure still shows