Orphaned Account

An orphaned account is a user account that remains active in a system after the associated user has left the organization or no longer requires access.

These accounts typically occur when employees are terminated, transferred, or change roles without proper deprovisioning procedures being followed, leaving their digital credentials intact and potentially accessible.

Orphaned accounts pose significant security risks because they represent unmonitored access points that malicious actors can exploit. Since these accounts are no longer actively used by legitimate users, unauthorized access may go undetected for extended periods. Attackers often target orphaned accounts specifically because they provide a pathway into systems without triggering the security awareness that comes with compromising active user accounts.

Organizations should implement regular account auditing processes to identify and deactivate orphaned accounts promptly. This includes automated deprovisioning workflows tied to HR systems, periodic access reviews, and monitoring for dormant accounts. Identity and access management (IAM) solutions can help streamline this process by providing visibility into account usage patterns and facilitating rapid account lifecycle management to prevent orphaned accounts from accumulating over time.