Our Security Wiki.
Knowledge is power.

Zombie accounts

Zombie Accounts

What are Zombie Accounts?

Zombie accounts, also known as dormant accounts or orphaned accounts, refer to user accounts that are still present in a system or application but are no longer actively used or managed. These accounts are typically associated with individuals who have left an organization, changed roles, or no longer require access to the system, but their accounts remain active due to oversight or lack of proper management.

Zombie accounts can pose significant security risks to an organization for several reasons:

1. Security Vulnerabilities: Dormant accounts can become targets for attackers. If these accounts have weak passwords or are not properly secured, they can be exploited by malicious actors to gain unauthorized access.

2. Access to Sensitive Data: Even if an employee has left the organization, their old account might still have access to sensitive data or critical systems. If left unchecked, this access can potentially lead to data breaches or unauthorized actions.

3. Compliance and Auditing: Zombie accounts can create compliance issues, as they may still have access to systems or data that they shouldn’t. This can result in audit failures or compliance violations.

4. Resource Mismanagement: Unused accounts consume resources such as licenses, storage, and computing power. This can lead to unnecessary costs for the organization.

5. Complexity: Having a large number of inactive accounts can make user management and access control more complex and difficult to manage.

To mitigate the risks associated with zombie accounts, organizations should establish proper account management practices:

1. Regular Review: Periodically review user accounts to identify those that are no longer needed. This should include accounts of employees who have left the organization or changed roles.

2. Automated Processes: Implement automated processes that disable or delete accounts of users who have left the organization. This can help ensure that accounts are properly managed in a timely manner.

3. Access Revocation: When an employee leaves the organization or changes roles, ensure that their access to systems and data is promptly revoked.

4. Least Privilege: Follow the principle of least privilege, which means granting users only the access and permissions they need to perform their roles and responsibilities. This reduces the potential impact of a compromised account.

5. Multi-Factor Authentication (MFA): Implement MFA for user accounts to add an extra layer of security. Even if a zombie account’s credentials are compromised, MFA can help prevent unauthorized access.

6. Regular Audits: Conduct regular audits of user accounts to identify and address any inactive or unused accounts.

7. Employee Onboarding and Offboarding Procedures: Implement clear procedures for adding and removing users from systems when they join or leave the organization.

By actively managing user accounts and addressing zombie accounts, organizations can improve their security posture, reduce the risk of unauthorized access, and ensure compliance with regulatory requirements.


Just-in-time access permission management


  • How do zombie accounts pose a security risk?

    Zombie accounts can be exploited by attackers to gain unauthorized access to a system or network. Since these accounts are often neglected and not monitored, they may have weak passwords or outdated security configurations, making them an attractive target for hackers.

  • What are the common causes of zombie accounts?

    Zombie accounts can result from various factors, including:

    • Employee turnover: Accounts of former employees are not properly deactivated.
    • Neglected service accounts: Accounts associated with applications or services that are no longer in use.
    • Forgotten test accounts: Accounts created for testing purposes and left active.
    • Inactive user accounts: Accounts of users who have not logged in for an extended period but are not deactivated.
  • What are the consequences of failing to address zombie accounts?

    Failing to address zombie accounts can lead to various security risks, including data breaches, unauthorized access to systems, and compliance violations. It can also result in increased operational and reputational costs.

  • Are there tools available to help organizations detect and manage zombie accounts?

    Yes, there are cybersecurity tools and identity management solutions such as Apono that can assist organizations in identifying and managing zombie accounts. These tools can automate the process of deactivating unused accounts and help maintain a secure user account environment.