Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. That’s according to Okta’s first Customer Identity Trends Report which surveyed more than 20,000 consumers in 14 countries about their online experiences and attitudes towards digital security and identity.
It found that increasing identity sprawl can trigger significant account takeover (ATO) security risks due to accounts that haven’t been used or even thought about in years, particularly if customers reuse (or only slightly alter) passwords or do not perform security reviews. A breach to any service may equip a threat actor with a huge volume of user credentials and associated personal data, with attackers adept at using this information at scale to compromise active accounts including important business accounts and networks.