"Inactive Accounts Pose Significant Account Takeover Security Risks"

Okta's first Customer Identity Trends Report shares findings from a survey of over 20,000 consumers in 14 countries concerning their online experiences as well as their attitudes regarding digital security and identity. According to the report, inactive and non-maintained accounts pose significant security threats to users and businesses, as cybercriminals could exploit active accounts using information stolen from forgotten or otherwise abandoned accounts. Increasing identity sprawl could ignite major Account Takeover (ATO) security risks because of accounts that have not been used in years, especially if customers reuse passwords, only slightly alter passwords, or do not conduct security reviews. A breach of any service may provide a threat actor with many user credentials and associated personal data. Attackers are adept at using this information on a large scale to compromise active accounts, including essential business accounts and networks. This report follows Google's announcement that it has updated its inactivity policy for Google Accounts to two years, which means that if a personal account has not been used or logged into for at least two years, Google may deactivate the account and its contents. This article continues to discuss inactive accounts getting compromised due to password reuse and lack of multi-factor authentication (MFA).

CSO Online reports "Inactive Accounts Pose Significant Account Takeover Security Risks"