Hello it's the fun police! Were you having a nice time engaging in nostalgia about the death of AOL Instant Messenger? Was it fun to look back on your old AIM login, how young you were, KrazyKat99, without a care in the world?
Yes, we at TechCrunch were also tempted to indulge in this requisite millennial nostalgia exercise! I do not blame you, but I will warn you.
Sharing old credentials online is a bad idea. From a security perspective, old AOL logins are a potential goldmine of personal details for anyone trying to hack your accounts. You may think that because your old AIM screen name is ancient that it isn't of use to anyone trying to hack you, but you'd be wrong.
— AIM (@aim) October 6, 2017
A lot of the screen names I've seen floating around contain things like pet names, important dates, hobbies and other personal identifying information that we'd be wise not to share in the open online. That kind of stuff, if not implicated in your current or past login/password combos, could be the missing piece for someone cracking a security question on one of your accounts. Particularly because security questions so often ask us things that longitudinally remain true throughout a lifetime, like your best friend's name or your high school mascot. Sure, a hacker might be able to find these personal details a different way, but by sharing your info on Twitter or wherever else, you've just made it searchable within seconds.
Furthermore, your old login information might still be searchable and connected to other online handles and identifying info. Remember that we didn't worry as much about repeating weak passwords and publicizing our login info way back in the glory days of AIM. For example, I searched one of my own AIM screen names from way back when and found pictures of the inside of my freshman year dorm on a message board service that I have no recollection of even belonging to. Creepy. It was a long time ago!
To protect yourself online, we recommend using two-factor authentication (2FA) that uses a local method — not SMS — to let you and only you into your accounts, whenever available. Beyond that, one of the most important things you can do is to shift your way of thinking: It's not a matter of if you get hacked, it's a matter of when. Until that day comes, and it very well already may have, do everything in your power to mitigate the risk.