We have subscriptions to everything these days: streaming services, podcasts, online games, food delivery, fitness apps and even products like coffee beans. And nearly every company and creative professional has a newsletter or marketing listserv, too. With tools like autocomplete and Shop Pay, it’s easier than ever to sign up and subscribe.
I’ve fallen prey to this myself. The consequence? My inbox gets clogged with near-endless email newsletters, and the low-cost services start adding up, becoming a major monthly expense.
There’s a bigger, more existential threat, too. Every time you subscribe to something, you're handing over your data: name and email, as well as other identifying information such as your address and credit card info. We’ll explore how that data can be used against you and what you can do to minimize the risks associated with subscriptions.
How subscriptions can create security risks
Signing up for a subscription involves handing over sensitive identifying information to an outside party. Every online platform, website or company database, regardless of size, is vulnerable to malicious actors and data leaks. In other words, every site that collects your information is another way to be targeted. Cybercriminals can use your data in many harmful ways, from building personalized scams to stealing your identity.
Popular websites aren’t always safer than small websites. Their large databases make them more appealing to malicious actors and, as a result, often more dangerous, especially if they lack proper security measures.
Another threat is the prevalence of scam emails pretending to come from real people or company. These scams use the reputations of those real people or companies to trick you into revealing your personal information, a practice known as phishing. They might try to convince you to make purchases or send money -- and they’re a lot more likely to succeed if you don’t remember if you’re subscribed to the company or person they claim to be.
The threat doesn’t always come from outsiders, though. The owners of newsletters and subscription services can sell your data to data brokers, people-finder sites, scammers or other malicious actors. They might also be scammers themselves, impersonating real businesses or creating wholly false businesses to trick you into giving them your information or money.
How to reduce security risks created by subscriptions
Reducing the risks associated with your subscriptions means reducing the number of subscriptions and taking control over where your data can be found online. I recommend using a four-step process:
Eliminate unnecessary subscriptions
Every three months, I let the newsletters and promotional emails in my inbox pile up before systematically unsubscribing from the lists of companies and people I no longer want to interact with. And I don’t stop there; I also unsubscribe from newsletters I theoretically want to keep (like aspirational newsletters about improving my fitness) but haven’t opened in months.
This manual unsubscribe approach works for me, but you can speed things up by using Gmail’s built-in subscription management tools.
For paid subscriptions, you can manually review your bank and credit card statements, then cancel the subscriptions in your banking app or on the subscription sites. Alternatively, you can use a paid service such as Rocket Money to quickly find and eliminate old subscriptions. Rocket Money also offers great budgeting tools, so you can use this as an opportunity to potentially improve your financial life in other ways.
If, like me, you’ve got a habit of casually subscribing to low-level support tiers for artists via third-party services such as Patreon, you’ll notice that payments from those sites are always listed by the site’s name rather than the artist’s name. This makes it essential to go through your Patreon (or similar site) account to ensure you’re only deleting subscriptions you want to cancel.
Delete old accounts
Some sites require you to delete your account to cancel your subscription. Most sites, however, keep your account open long after your subscription ends -- meaning your data may still be at risk. To eliminate this risk, you’ll need to delete your old accounts altogether. If you’re manually ending your subscriptions, deleting your accounts often only requires one or two additional steps while you’re visiting each site.
If you’re using something like Rocket Money to end subscriptions -- or you want to delete unused accounts not connected to subscriptions -- you can use McAfee’s online account cleanup tool. This helps uncover accounts you’ve forgotten about; my own search with McAfee’s online account cleanup tool found multiple accounts I hadn’t used in years. And when you decide to delete an account, McAfee can send the account-removal request for you, potentially saving you a ton of time.
Request data removal
You often don’t need to create an account to sign up for a newsletter, but unsubscribing doesn't guarantee the deletion of your data. Many email marketing tools keep permanent lists of inactive or unsubscribed users. This creates the potential for your email address -- and any other details associated with your subscription -- to be sold or misused by third parties long after you’ve canceled.
Data removal services typically focus on removing your information from data brokers and people-finder sites, but some tools, like Bitdefender's digital footprint cleanup software, can also send data removal requests to email lists. Alternatively, you can use a data removal request template to manually request erasure of your subscriber data. Just make sure you customize each request for the entity you’re contacting.
Be careful about what you subscribe to going forward
Eliminating your subscriptions won’t safeguard your data unless you change your subscription habits. I recommend taking the following steps before you sign up for anything:
- Evaluate how much you want it. If it’s a newsletter, consider whether you care enough or have the time to open the emails regularly. If it’s a product or service, consider whether you’ll use it enough to justify giving out your payment information (or spending money on it regularly).
- Check the URL for SSL encryption, or Secure Sockets Layer.This is the most basic measure of website security, encrypting data sent to and from any website. You can confirm that SSL is being used by looking for the "https” prefix at the beginning of the URL.
- Research the website. Search “(website name) reviews” and “(website name) scams” to determine the site’s reputation.
You don’t need to spend much time on these tasks -- a few minutes of research can keep you safe from many threats.
Take steps now, not later
If you’ve been casually subscribing to anything and everything, you’ve exposed your data -- and yourself -- to a myriad of threats. You can reduce your exposure to these dangers by eliminating unused subscriptions, closing accounts and requesting data removals. You can minimize future risks, too, by paying more attention to what you subscribe to (and taking other steps to clean up your online footprint) in the future.




















