Think of every account you have ever made: the forum from 2014, the shopping site you used once, the app you forgot. Each one still holds your data and is one more thing that can be breached. Learning to delete old online accounts is one of the highest-impact privacy habits there is, and it is mostly free.
Why dead accounts are a live risk
An account you abandoned is not harmless. It still stores your email, password, and whatever else you gave it, on a service that may no longer be maintained or watched. When it is breached — and old, neglected services are breached often — your data leaks anyway, and if you reused that password, the damage spreads through credential stuffing. Fewer accounts means a smaller attack surface, full stop.
How to delete old online accounts, step by step
1. Build the list. Your password manager is the fastest inventory. Add accounts surfaced by searching your inbox for “welcome” and “verify your email.”
2. Sort by risk. Prioritise anything holding payment details, a home address, or private messages.
3. Find the delete option. It is often buried. JustDeleteMe lists direct deletion links and rates how hard each service makes it.
4. Export anything you want first. Photos, invoices, messages — download them before you pull the trigger.
5. Delete, do not just deactivate. Deactivation hides the account; deletion removes the data. Choose deletion where offered, and check back, since some services only purge after a delay.
When you cannot fully delete
Some services refuse or stall. Then minimise: wipe every field you can, overwrite the address with a junk one, remove payment methods, and unsubscribe from everything. If the account was breached, run Have I Been Pwned on the address and change any shared password.
Stop the problem recurring
The reason this list got so long is that your real email was the default for everything. Break that: use a temporary email for one-off sign-ups so they never become accounts you have to hunt down later, and an alias for ones you mean to keep. While you are auditing, it pairs naturally with opting out of data brokers and tightening your privacy settings.
The payoff
Closing old accounts is quiet, unglamorous work with an outsized payoff: every one you delete is data that can no longer leak and a password that can no longer betray you. Spend an hour on the riskiest ten, fold the rest into a 30-day cleanup, and your exposure shrinks for good.
Frequently asked questions
Is deactivating an account the same as deleting it?
No, and the difference matters. Deactivation just hides the account; your data stays on the company’s servers and can still leak in a breach. Deletion is the one that actually removes the data, so choose it wherever it is offered.
What if a site refuses to let me delete my account?
Minimise instead. Wipe every field you can, replace your real address with a junk one, remove any saved payment method, and unsubscribe from everything. You shrink the data that can leak even if the shell of the account survives.
Does deleting an account remove me from past breaches?
No. Data already leaked is already out there and cannot be recalled. Deletion stops future exposure from that service; for anything already breached, change any shared password and check the address on Have I Been Pwned.
Should I delete accounts or just stop using them?
Delete them. An unused account is not dormant from a security view — it still stores your data and credentials on a service you no longer watch, so a breach there exposes you without warning. Walking away leaves the risk in place; deleting removes it. If you are unsure you will need it again, export anything important first, then close it for good.