The United Arab Emirates (UAE) Cybersecurity Council has cautioned that the increasing reliance on digital platforms is creating a largely overlooked security threat: inactive user accounts.
New data released this week shows that nearly 30 percent of electronic accounts remain unused for extended periods while still storing personal data and retaining access permissions, making them vulnerable to cyberattacks.
According to the council, many users sign up for new applications briefly and then stop using them without realizing that the accounts stay active, often secured with weak passwords or outdated information.
These dormant profiles can later trigger unexpected login attempts or suspicious security alerts.
The council classified inactive accounts into three categories.
Dormant accounts are unused for 30 to 90 days but still connected to current users.
Stagnant accounts remain inactive for more than six months, often due to job changes, project completion, or discontinued use of secondary tools.
Abandoned accounts, considered the most serious risk, may persist even after an individual leaves an organization and can retain outdated access privileges that could be exploited if not removed.
The council urged individuals and organizations to regularly review and delete unnecessary accounts, update passwords, and enable two-factor authentication on active platforms.
It stressed that unmanaged accounts, whether dormant, stagnant, or abandoned, pose a significant threat to digital identity and security.
