Privacy

How to Find and Delete Old Online Accounts You No Longer Use

Heads up: this article contains affiliate links. If you buy through them we may earn a commission at no cost to you. We only recommend tools we trust — see our disclosure.

Think about all the places you've signed up over the years. The food delivery app you used twice on holiday. That forum you joined to ask one question about fixing a leaky tap. The online store where you bought a single birthday present in 2017. Each one felt harmless at the time, a quick email address and a password, and then you moved on and never thought about it again. But those accounts didn't disappear. They're still sitting on someone else's computer, quietly holding onto a little piece of you.

The good news is that cleaning them up is one of the most satisfying and genuinely useful things you can do for your online safety, and you don't need to be technical to do it. Grab a cup of coffee, and let's walk through why these forgotten accounts matter, how to track them down, and how to close them properly, without any panic and without any nonsense.

Why old accounts are a real problem (not just clutter)

It's tempting to think of an unused account as harmless. You're not logging in, so what's the harm? The trouble is that the account keeps existing whether you use it or not, and it keeps holding your information whether you remember it or not. Here's why that matters.

They're fuel for data breaches

Companies get hacked. It happens to big names and small ones, and it happens more often than any of us would like. When a company you signed up with years ago gets breached, the attackers walk away with whatever that company stored, which usually includes your email address and your password (or a scrambled version of it that can sometimes be unscrambled).

If you've forgotten the account even exists, you'll never know it was caught up in a breach. You won't change the password. You won't be watching for warning signs. The account just sits there as an open door you didn't even know was in the wall.

They enable "credential stuffing"

Here's a term worth knowing, explained simply. Credential stuffing is when criminals take a username and password stolen from one breach and try that exact combination on lots of other websites, hoping you reused it. And most of us have reused passwords at some point, especially on accounts we set up quickly and didn't think much about.

So an old, forgotten account with a password you also used somewhere important becomes a stepping stone. The attacker doesn't care about your dormant hobby forum. They care that the password on it might also open your email, your shopping account, or your bank.

They quietly hold your personal data

An account you set up years ago might still be storing your full name, your home address, your phone number, your date of birth, old messages, photos, or a saved shopping history that reveals a surprising amount about your life. The more places this information lives, the more places it can leak from, and the harder it is for you to keep track of who has what.

They might have your payment details on file

This is the one that catches people out. That subscription you signed up for and forgot about? It may still have your card number saved, and it may still be charging you. Even when it isn't billing you, a saved card sitting in a dormant account is a genuine risk if that account is ever accessed by the wrong person. Closing these accounts protects both your privacy and your wallet.

Step one: build an inventory of your accounts

You can't close accounts you can't remember. So before deleting anything, the first job is detective work: making a list of everywhere you have an account. This part is oddly enjoyable, a bit like cleaning out a cupboard and finding things you'd completely forgotten about. Here's how to be thorough.

Start with your password manager

If you already use a password manager, congratulations, you've done most of the hard work already. A password manager's vault is the single best inventory of your accounts that exists, because every time you saved a login, it quietly recorded that you have an account somewhere. Open it up and you'll likely see a long list of sites you'd forgotten about.

If you don't use one yet, this is a wonderful moment to start, because you're about to do a big cleanup and you'll want somewhere to keep track of it all going forward. A tool like Bitwarden gives you a free, secure vault where every account lives in one place. Even better, many password managers include a vault review or breach-monitoring feature that checks your saved accounts against known data breaches and flags weak or reused passwords, which is exactly the kind of insight you want when deciding what to clean up first.

Check your browser's saved logins

Before you had a password manager (or alongside it), your web browser was probably quietly saving passwords for you. This is a goldmine of forgotten accounts. In Chrome, Edge, Safari, or Firefox, look in the settings for a section called something like "Passwords" or "Autofill." You'll find a list of sites where the browser saved a login, and it often stretches back years.

Jot down anything on that list you don't recognise or no longer use. It all goes into your inventory.

Search your email inbox for the signup trail

This is the clever part, and it uncovers accounts nothing else will. Almost every time you create an account, the company sends you an email. Those emails are still sitting in your inbox, and your email's search bar can dig them out. Try searching for phrases like these, one at a time:

  • "welcome to" — the classic new-account greeting
  • "verify your account" or "confirm your email" — sent when you first sign up
  • "your receipt" or "order confirmation" — reveals shops you bought from
  • "your subscription" or "free trial" — catches recurring services
  • "reset your password" — often reveals accounts you tried to log back into and abandoned

Each result is a breadcrumb pointing to an account. Add them to your list. If you have more than one email address, especially an old one, do this in each inbox. Old email addresses tend to be where the oldest, most forgotten accounts are hiding.

Look at what you've linked with "Sign in with Google, Apple, or Facebook"

Over the years you've probably clicked a convenient "Sign in with Google," "Sign in with Apple," or "Continue with Facebook" button to skip creating a password. That linked a third-party account to your main one, and there's a tidy list of every place you did it.

  • Google: go to your Google Account, then "Security," then look for "Your connections to third-party apps and services."
  • Apple: in your Apple ID settings, find "Sign in with Apple" to see the apps using it.
  • Facebook: in Settings, look for "Apps and Websites" to see everything connected.

You'll likely be surprised by how many services are on these lists. Each one is an account you can review and, if you no longer use it, remove.

Step two: decide the order to tackle them in

Once you have your list, don't just start deleting from the top. A little planning makes this safer and less stressful. Work through your accounts in roughly this order.

  1. Anything with a saved payment method or active subscription first. These are the accounts costing you money or holding your card details, so they're the highest priority. Cancel the subscription properly before deleting the account, so you're not left in billing limbo.
  2. Accounts holding sensitive personal data next. Anything with your home address, financial details, health information, or private messages. The sooner these are closed, the smaller your exposure.
  3. Accounts that share a password with something important. If an old account used the same password as your email or bank, it's a credential-stuffing risk. Close it, and go change that shared password anywhere important that still uses it.
  4. Everything else you simply don't use. The low-risk clutter. Clear it out at a comfortable pace.

One gentle warning before you delete anything: make sure the account isn't propping up something you still rely on. That old email address might be the recovery contact for your bank. That Google account might be the login for apps you still use. Check what depends on an account before you close it.

Step three: download your data before you delete

Deleting an account is usually permanent, and once it's gone, so is everything in it. Before you close anything you might one day regret losing, take a moment to download a copy of your data. Most reputable services offer this, tucked away in privacy or account settings under a name like "Download your data," "Export," or "Request my information."

This matters most for accounts holding things you can't easily replace:

  • Photos and videos
  • Documents, notes, or files
  • Order history or receipts you might need for warranties or taxes
  • Messages or contacts

The download can take anywhere from a few minutes to a couple of days, depending on the service, so kick it off early. Once you've got your copy safely saved somewhere, you can delete with a clear conscience.

Step four: actually delete, don't just deactivate

Here's a distinction that trips up a lot of people, and companies count on it. Deactivating is not the same as deleting.

Deactivating (sometimes called "pausing," "disabling," or "closing") usually just hides your account and puts it to sleep. All your data stays exactly where it is, and the account can typically be woken back up. The company keeps everything; you just stop seeing it.

Deleting is the real thing: it tells the company to remove your account and, ideally, the personal data attached to it. This is what you actually want. When you're in an account's settings, read carefully and look for wording like "delete my account permanently" or "delete my data," not just "deactivate" or "close." If both options exist, choose delete.

How to find the delete button

Companies rarely make this easy to find. The delete option is usually buried deep in account settings, so hunt around in these places:

  • Settings, then "Account," "Privacy," or "Security"
  • A section labelled "Manage account," "Your data," or "Account management"
  • The very bottom of the settings page, where a small "Delete account" link often lives

If you genuinely can't find it, search the web for the service's name plus "delete account," and you'll usually find step-by-step instructions or a direct link. There are also free community-maintained directories online that catalogue how to delete accounts on hundreds of popular services, including how difficult each one makes it.

What to do when a site makes deletion hard

Some companies would very much rather you didn't leave, and they make deletion deliberately awkward: hiding the option, requiring you to email them, or offering only deactivation. Don't let that stop you. Here's how to push through.

Email or use the contact form directly

If there's no self-service delete button, contact their support and ask plainly for your account and personal data to be deleted. Depending on where you live, you may have legal rights that require them to comply. In many places, data protection laws (such as GDPR in Europe or the CCPA in California) give you a right to have your personal data erased. You don't need to quote chapter and verse; simply writing "I am requesting deletion of my account and all associated personal data" is usually enough to get the process moving.

Strip out your data first

If a service flatly refuses to delete your account, do the next best thing: empty it out. Go into the account and manually remove or overwrite as much as you can. Delete saved addresses. Remove any stored card. Change your name and other details to blanks or placeholder text. Change the email on the account, if allowed, to reduce its link to your main identity. An empty shell of an account is far less risky than one full of your real information.

Always remove saved payment methods

Whatever else you do, if an account you're abandoning has a card on file and won't let you delete the whole account, at least delete the payment method. This is almost always possible even when full deletion isn't, and it closes off the risk of surprise charges or a leaked card number.

Building a habit so this never gets out of hand again

The whole point of a big cleanup is that you shouldn't have to do a big cleanup ever again. A few simple habits will keep your account list tidy and safe from here on.

Keep everything in a password manager

From now on, every new account goes into your password manager, along with a unique password you never reuse. This does three things at once: it means you'll always have an up-to-date inventory of your accounts, it kills the credential-stuffing risk because no two accounts share a password, and it makes future cleanups a breeze. Both Bitwarden and Proton Pass are excellent, trustworthy choices for this, and they'll generate strong passwords for you so you never have to invent one again.

Use email aliases for new signups

Here's a genuinely powerful trick for the future. Instead of handing your real email address to every website that asks for it, use an email alias: a disposable, unique address that forwards to your real inbox. If a site you signed up with using an alias gets breached or starts spamming you, you simply switch off that one alias and the problem stops, without touching your real address.

Proton Pass has this built in, letting you generate a fresh alias on the spot each time you sign up for something. Over time, this means every service knows you by a different address, so no single breach can link your accounts together, and you keep tight control over who can actually reach your real inbox.

Do a small review once or twice a year

Put a recurring reminder in your calendar, maybe every New Year and every summer. Spend twenty minutes going through your password manager, glancing at any breach alerts it's flagged, and closing anything you've stopped using. Small and regular beats a giant cleanup every five years, and it keeps your online footprint reassuringly small.

The quick version

  • Old accounts are a real risk, not just clutter. They're fuel for data breaches, they enable credential stuffing when you've reused passwords, they hold onto your personal data, and they may still be storing (or charging) your payment details.
  • Build an inventory first. Check your password manager, your browser's saved logins, and search your email for "welcome to," "verify your account," and "your receipt." Review what you've linked with "Sign in with Google, Apple, or Facebook."
  • Delete in a sensible order: accounts with saved payments and subscriptions first, then those holding sensitive data, then any that share a password with something important, then the rest.
  • Download your data before deleting anything you might miss, like photos, documents, or receipts.
  • Delete, don't just deactivate. Deactivating hides the account; deleting actually removes it. Look for wording that says "delete permanently."
  • When a site makes it hard, email them to request deletion (you may have a legal right to erasure), or at minimum strip out your personal data and remove any saved card.
  • Going forward, keep every account in a password manager like Bitwarden or Proton Pass, use email aliases for new signups, and do a quick review once or twice a year.

Liked this?

Get one short, useful security email when we publish something new.

More in Privacy

Get the plain-English security newsletter

One short email when we publish something useful. No spam, no fearmongering. Unsubscribe anytime.