Guest Talk News

The Forgotten Account That Could Cost You Everything: A Real Wake-Up Call

forgotten account security risk, Fel Gayanilo, Secretary General, Cybersecurity Advisors Network (CyAN), Bharat Raigangar - Global Head of Cyber, Risk & Compliance- Board Advisor

Author: Fel Gayanilo, Secretary General, Cybersecurity Advisors Network (CyAN)

Forgotten online accounts pose a hidden cybersecurity risk, especially when linked to outdated recovery details and recent data breaches.

Proactive digital hygiene—like updating info, enabling MFA, and deleting unused accounts—is essential to protect your identity.

I want to tell you about a friend of mine. Years ago, this friend signed up for a Qantas Frequent Flyer account. Like many of us, it was a set-it-and-forget-it situation. The password was never updated. The account still had an old phone number and email address attached. When my friend recently tried logging in, the recovery process failed completely. There was no way to get the reset code or verify the account. Locked out and frustrated, my friend gave up.

What this friend did not realise was that the timing could not have been worse. Just last week, Qantas confirmed that the personal details of up to six million customers were compromised. The breach happened through a third-party customer service platform. Exposed information included names, email addresses, phone numbers, dates of birth, and Frequent Flyer numbers.

Although passwords and payment details were not part of the leak, this should still be a serious wake-up call. Anyone with a forgotten or neglected account could be exposed, even if they are no longer actively using it.

I break this down in more detail in my latest article:  The Qantas Breach: What We’ve Learned and What You Can Do Now

In that piece, I explore how threat actors take advantage of overlooked access points and third-party services. The Qantas incident highlights how breaches are not always about a company’s internal system getting hacked. Sometimes, it is about the people and systems around it. And sometimes, the most vulnerable target is a forgotten account that no one is watching.

This situation lines up with a recent article by Amber Bouman, published on Tom’s Guide. The article is titled “Your Old Accounts Are an Online Gold Mine for Cybercriminals — What You Need to Do Right Now to Stay Safe.” Amber explains how outdated accounts are often protected by weak passwords and cannot be recovered if your old contact information no longer works. These are the accounts criminals love to find, because they are easy to take over and hard to trace back to the real owner.

When you look at both stories side by side, the risk becomes very real. On one hand, a breach leaks your information into the wild. On the other hand, your ability to do anything about it is blocked because you have lost access to the account. It creates a dangerous gap that many people do not even know exists until it is too late.

Here is what I recommend for everyone reading this:

  • Go back and check your old accounts. Airline programs, shopping sites, subscriptions you no longer use and anything you might have signed up for years ago.
  • Make sure your recovery details are updated. Use a current email address and phone number.
  • Turn on multi-factor authentication whenever possible. Even a basic second step makes a big difference.
  • Delete accounts you no longer use. If there is no value in keeping them, closing them removes the risk completely.
  • Have this conversation with your friends and family. Most people do not think about these things until something goes wrong.

Cybersecurity is not just about firewalls and encryption. It is also about personal responsibility. Your digital footprint is your responsibility, and the decisions you make now will affect how easy it is for someone else to walk in later.

A forgotten account may not seem important, but in the wrong hands, it becomes an open door. Security starts with awareness, and awareness starts with small actions that you can take today.

You can read Amber Bouman’s full article here: @Tom’s Guide – Your Old Accounts Are an Online Gold Mine for Cybercriminals https://share.google/TElC5YvxVhjQHkjhi

And if you want to understand how this connects to the Qantas breach, my full article is live here: The Qantas Breach: What We’ve Learned and What You Can Do Now https://www.linkedin.com/pulse/qantas-breach-what-weve-learned-you-can-do-now-fel-gayanilo-aqpoc

Take a moment this week to check your old accounts. The longer they sit forgotten, the more useful they become to someone else.


About the Author

Fel Gayanilo is a cybersecurity enthusiast – currently Security General at CyAN, where he combines his leadership, communications and technical curiosity to help build a robust and secure digital world.  His journey into the Cyber arena began with a career in hospitality and operations, we he infused adaptability, people skills, and strategic thinking that thrive in high-pressure environments.

He holds a certificate IV in Cybersecurity from

Melbourne Polytechnic and expertise in Identity Management- Governance- Penetration Resilience. He is an insightful author making complex topic approachable to the GenZ and GenAlpha.

Related posts

Sophos Unveils Next-Gen Partner Program to Accelerate Growth and Cybersecurity Innovation

Enterprise IT World MEA

Nutanix Named a Leader in Multicloud Container Platforms by Forrester

Enterprise IT World MEA

Empowering Workforce Safety and Skills Through Digital Innovation

Enterprise IT World MEA

Leave a Comment