Hackers Can Gain Access to Your Online Accounts Before You Even Register
Hackers can still access your online account even before you register. Yes, you read it rightly! According to security researchers, hackers can hijack an account even
before it is set up by exploiting a flaw previously fixed on social media platforms such as Instagram, LinkedIn, Zoom, WordPress, and Dropbox.
Microsoft Security Response Center experts and independent researcher Avinash Sudhodanan conducted the analysis and looked over 75 popular digital services and discovered that at least 35 of them are still susceptible to pre-hijacking attacks.
According to the researchers account pre-hijacking assaults have the same impact as account hijacking attempts. A successful attack could allow the attacker to read/ modify sensitive account information (e.g., messages, billing statements, usage history, etc.) or perform actions using the victim's identity (e.g., send spoofed messages, make purchases using saved payment methods, etc.) depending on the nature of the target service.
How can a hacker perform a "pre-hijacking"?
Hackers need to know the target email address for a successful pre-hijacking, which is not difficult to find these days. The attacker then uses the targeted email address to create an account on the vulnerable platform. If the victim rejected the message as spam, the attacker won. The final step is to wait for the victim to log in to the website or trick them into logging in.
How does the hacker bypass email verification?
The attacker can set up the account using their own email address and then modify it to the victim's.
According to the researchers, mega firms including Instagram, Dropbox, Wordpress, LinkedIn, and Zoom were notified of the vulnerabilities, and that some of them had already corrected the problem.
How could this have happened even back then? Quite simple, it's due to a lack of rigorous verification. According to researchers, the cause for these flaws is that all online platforms strive to reduce login friction as much as possible, which has a severe influence on account security.
How to Prevent:
Users can set up 2FA (Two Authentication) or MFA (multi-factor authentication) on their accounts right away to reduce the chance of their accounts being pre-hijacked. The preceding session will be invalidated as well.
Want to Learn More About 2FA?
Feel free to check it out with us at 6259 5962 or email us at firstname.lastname@example.org.