What Is a Service Account?
A service account is a credential that lets one application, system, or process authenticate to another without a human entering a password each time. A batch job that connects to a database, a monitoring agent that queries an API, and a middleware process that talks to a directory service all typically run under a service account rather than a personal login.
Service accounts tend to be long-lived by design: rotating the credential can break the process running on it, so teams are often reluctant to touch one once it works. That same characteristic makes a service account a durable target. A credential that hasn’t changed in years, and that no one wants to risk rotating, is exactly the kind of access an attacker who obtains it can rely on staying valid.
The deeper problem is ownership. A service account is frequently created by an engineer to solve an immediate need, without the same onboarding, review, or offboarding process a human account goes through. When that engineer leaves the team, the account often keeps running with no one actively responsible for it, which is how a routine, purpose-built credential becomes an orphaned, unmonitored one.