Orphan Account

What Does Orphan Account Mean?

An orphan account is a corporate account that has permissions to access sensitive data or internal systems but does not belong to a specific legitimate user. These types of user accounts can be a significant liability to businesses.


Techopedia Explains Orphan Account

Orphan accounts can exist in directory services such as Active Directory and OpenLDAP, but experts also characterize them more broadly as accounts that are left behind by a transitioning party. The practice of identity and access management has a lot to do with preventing the unauthorized use of orphan accounts.

Suppose someone in a high position or in a sensitive department leaves a company, and their account is not deactivated. This dormant account is now an orphan account, and it can be used by unauthorized third parties if they somehow get access. In a way, an orphan account is very similar to a stray house key that is left behind after a property has changed hands. That key can be used for unauthorized access, and an orphan account in a corporate system can be used in much the same way.
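
One way to look for the accounts described above, as an added example that is not part of the original entry: reconcile a directory export against the HR roster and flag enabled accounts whose owner is missing or has left. The field names, the sample records and the find_orphan_accounts helper are all constructed for illustration.

```python
from datetime import date

# Constructed sample data: an HR roster keyed by employee ID ...
HR_ROSTER = {
    "E1001": {"name": "A. Rivera", "status": "active"},
    "E1002": {"name": "B. Chen", "status": "terminated"},
}

# ... and a constructed directory export (e.g. flattened from AD or OpenLDAP).
DIRECTORY_ACCOUNTS = [
    {"login": "arivera", "owner_id": "E1001", "enabled": True, "last_logon": date(2024, 5, 28)},
    # Offboarding disabled the primary account but missed the admin account.
    {"login": "bchen", "owner_id": "E1002", "enabled": False, "last_logon": date(2023, 12, 1)},
    {"login": "bchen-adm", "owner_id": "E1002", "enabled": True, "last_logon": date(2024, 1, 10)},
    {"login": "svc-backup", "owner_id": None, "enabled": True, "last_logon": date(2024, 5, 30)},
    {"login": "jdoe", "owner_id": "E0999", "enabled": True, "last_logon": date(2023, 11, 2)},
]


def find_orphan_accounts(accounts, roster, as_of):
    """Return (login, reason, days_idle) for enabled accounts with no current owner.

    Results are sorted with the longest-idle account first, for triage.
    """
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, so it cannot be used to log in
        owner = acct.get("owner_id")
        if owner is None:
            reason = "no owner recorded"
        elif owner not in roster:
            reason = "owner not in HR roster"
        elif roster[owner]["status"] != "active":
            reason = "owner has left the company"
        else:
            continue  # enabled account with an active, known owner
        days_idle = (as_of - acct["last_logon"]).days
        findings.append((acct["login"], reason, days_idle))
    return sorted(findings, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    for login, reason, idle in find_orphan_accounts(
        DIRECTORY_ACCOUNTS, HR_ROSTER, as_of=date(2024, 6, 1)
    ):
        print(f"{login:12} {reason:28} idle {idle} days")
```

An orphan account is not necessarily idle: a recent logon on an account with no legitimate owner, like the constructed svc-backup record here, deserves review just as much as a long-dormant one.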


Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.