
Orphan Accounts are a Valued Target for Hackers

Orphan accounts can wreak havoc on an organization’s security posture, as they can go undetected for long periods of time. In a recent study by Varonis, it was found that 44% of companies had more than 1,000 orphaned accounts. Worse still, for financial companies, the number was 64%, and for healthcare companies, it was 79%. What this means is that hackers have a treasure trove of accounts to exploit that fall into this category. And as we know, hackers love admin privileges.

What are Orphan Accounts?

Orphan accounts are user accounts that are no longer associated with any live users. This can happen when employees leave the company or when they change roles and their old account is no longer needed. Orphan accounts can also be created when malware or ransomware compromises an account and the hacker takes over the user’s identity. In either case, the actions of these compromised accounts often go undetected because there is no one monitoring them.

Hackers can utilize orphaned accounts to move across a network undetected and escalate their privileges to the admin level. They can also use them to access sensitive data like protected health information or financial information. Because orphaned accounts often retain admin privileges, they are a frequent target of hackers. And if an orphaned account does not have admin privileges, no problem – the hacker simply escalates the privileges of that account.


Image #1: Hackers like to compromise “Orphan Accounts” because a real user is often not associated with the account – and thus their activities can go undetected.

The Need to Detect Orphan Accounts

If you do not detect your organization’s orphan accounts, you are leaving yourself vulnerable to attack. One way to detect these accounts is by scheduling full access reviews monthly. This will help you identify and eliminate orphaned accounts. YouAttest can help you with this process so that you can focus on other aspects of your business. Full access reviews are not just for compliance – they are the best way to discover dormant accounts and protect your organization from attack. Common causes of orphaned accounts include:

  • Lack of an active account review process – many companies only do these yearly, if at all
  • Employees leaving the company or changing roles without their old accounts being deleted
  • Malware or ransomware taking over an account, which the hacker then uses to exploit the network

You do not want to check accounts yearly as most companies do – this is not enough. Instead, you want to be proactive and schedule monthly reviews so that you can identify and eliminate orphan accounts before they cause problems. 
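The review the article recommends boils down to two checks per account: is the account still tied to a live person, and has it actually been used recently. The following is an added example, not YouAttest's code or any part of its product, that runs those checks over a constructed directory export and a constructed HR roster of active employee ids; account names, employee ids, the 90-day dormancy window and the review date are all assumed for illustration. It flags orphaned accounts (owner missing or no longer active), dormant accounts (no login inside the window), and puts admin-privileged findings at the top of the list, since those are the ones the text says attackers value most.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample data: employee ids that HR reports as still active.
ACTIVE_EMPLOYEES = {"E100", "E101", "E102"}

# Constructed "today" so the run is deterministic.
REVIEW_DATE = date(2024, 6, 1)


@dataclass
class Account:
    username: str
    owner_id: Optional[str]     # HR employee id linked to the account; None = unlinked
    last_login: Optional[date]  # None = never logged in
    is_admin: bool
    enabled: bool


# Constructed directory export (hypothetical usernames and ids).
ACCOUNTS = [
    Account("alice", "E100", date(2024, 5, 30), False, True),      # healthy
    Account("bob.admin", "E100", date(2024, 5, 29), True, True),   # healthy admin
    Account("carol", "E200", date(2024, 2, 1), True, True),        # owner left: orphan, admin
    Account("svc_backup", None, date(2024, 5, 31), True, True),    # no owner at all: orphan
    Account("dave", "E101", date(2023, 11, 15), False, True),      # live owner but dormant
    Account("erin", "E300", date(2024, 1, 10), False, False),      # already disabled
]


def classify(acct, active_ids, review_date, dormant_days=90):
    """Return the list of finding tags for one account (empty list = nothing to report)."""
    findings = []
    if not acct.enabled:
        # Disabled accounts cannot be used to log in; they are a cleanup item, not a finding here.
        return findings
    # Orphan: the account points at nobody, or at someone HR no longer lists as active.
    if acct.owner_id is None or acct.owner_id not in active_ids:
        findings.append("orphan")
    # Dormant: never used, or not used within the review window.
    if acct.last_login is None or (review_date - acct.last_login).days > dormant_days:
        findings.append("dormant")
    # Any finding on an admin account is escalated for priority handling.
    if findings and acct.is_admin:
        findings.append("admin")
    return findings


def review(accounts, active_ids, review_date, dormant_days=90):
    """Run the access review and return (username, tags) pairs, highest risk first."""
    results = []
    for acct in accounts:
        tags = classify(acct, active_ids, review_date, dormant_days)
        if tags:
            results.append((acct.username, tags))

    def priority(item):
        # Order: admin findings first, then orphans, then dormant-only; ties by name.
        tags = item[1]
        return (0 if "admin" in tags else 1, 0 if "orphan" in tags else 1, item[0])

    return sorted(results, key=priority)


if __name__ == "__main__":
    for username, tags in review(ACCOUNTS, ACTIVE_EMPLOYEES, REVIEW_DATE):
        print(f"{username:12} {', '.join(tags)}")
```

Joining the directory against the HR roster is what makes the orphan check possible; a last-login threshold alone would have missed `svc_backup`, which is used daily but belongs to no one. Run monthly, the output is the worklist for the review: disable or delete the orphans, confirm the dormant accounts with their owners, and treat every admin finding as urgent.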

With YouAttest, you can automate this process and have peace of mind knowing that your organization is protected before it is too late. 

For example, YouAttest has a risk management partner who was working with an east coast hospital group that had a slew of orphaned accounts – one was taken over by a hacker who was able to deploy ransomware and extort the enterprise over the encryption of valuable PHI. And guess what? The risk manager discovered that there was no active account review process in place. By the time they contacted the risk manager, the damage had already been done. Initiate an active review process in your organization and make sure it’s being done monthly to catch these types of issues before they become organizational problems.

How YouAttest Can Help

YouAttest is a cloud-based identity auditing system that can help you with your orphan account problem. YouAttest is designed to help organizations with compliance and security issues by automating the full access review process so that you can quickly identify and eliminate orphaned accounts. The system can also help you with other aspects of security, such as managing user privileges and implementing least privilege principles. YouAttest is the only system on the market that offers these features in one platform. 

With YouAttest, you can get a full picture of your organization’s access controls so that you can identify and eliminate orphaned accounts. The system also gives you the ability to control admin privileges and implement least privilege principles. And, YouAttest has partnerships with leading compliance and security companies, giving you access to the best tools and resources to help you protect your organization from attack. 

The bottom line is if you want to protect your organization from attack, you need to automate your full access reviews, monthly, with YouAttest.

YouAttest is the leading provider of automated access reviews and can help your enterprise stay secure and eliminate orphan accounts. Contact YouAttest today to learn more about how we can help you maintain continuous compliance.