Blog - Hackers Can Gain Access to Your Online Accounts Before You Even Register | ACM


Hackers Can Gain Access to Your Online Accounts Before You Even Register

Hackers can access your online account even before you register. Yes, you read that right! According to security researchers, attackers can hijack an account before it is even set up by exploiting a flaw that was previously fixed on social media platforms such as Instagram, LinkedIn, Zoom, WordPress, and Dropbox.

Microsoft Security Response Center experts and independent researcher Avinash Sudhodanan conducted the analysis. They examined 75 popular digital services and discovered that at least 35 of them are still susceptible to pre-hijacking attacks.

According to the researchers, account pre-hijacking attacks have the same impact as account hijacking attacks. Depending on the nature of the target service, a successful attack could allow the attacker to read or modify sensitive account information (e.g., messages, billing statements, usage history) or perform actions using the victim's identity (e.g., send spoofed messages, make purchases using saved payment methods).

How can a hacker perform a "pre-hijacking"?
For a successful pre-hijacking, the attacker needs to know the target's email address, which is not difficult to find these days. The attacker then uses that email address to create an account on the vulnerable platform. If the victim dismisses the resulting message as spam, the attacker wins. The final step is to wait for the victim to log in to the website, or to trick them into logging in.


How does the hacker bypass email verification?
The attacker can set up the account using their own email address and then modify it to the victim's.

According to the researchers, major firms including Instagram, Dropbox, WordPress, LinkedIn, and Zoom were notified of the vulnerabilities, and some of them had already corrected the problem.

How could this have happened even back then? Quite simply, it is due to a lack of rigorous verification. According to the researchers, the cause of these flaws is that all online platforms strive to reduce login friction as much as possible, which has a severe impact on account security.
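A service-side sketch of the rigorous verification described above, as an added example that is not from the original article or the researchers: an address is bound to an account only after its mailbox owner presents a mailed token, and an email change needs both that token and a session on the account. `AccountStore`, its method names, and the returned token standing in for a delivered email are all assumptions.

```python
import hashlib, hmac, os, secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class AccountStore:
    """In-memory service; every name here is hypothetical (added example)."""
    def __init__(self):
        self.accounts, self.pending, self.sessions = {}, {}, {}

    def _mail_token(self, email, account=None):
        if email in self.accounts:
            raise ValueError("email already registered")
        token = secrets.token_urlsafe(16)
        self.pending[token] = (email, account)  # account is None for a signup
        return token  # stands in for a message delivered only to `email`

    def register(self, email):
        # No account or credential exists until the mailbox owner confirms.
        return self._mail_token(email)

    def confirm_signup(self, token, password):
        # The token holder sets the password; none chosen earlier applies.
        email, account = self.pending.pop(token)
        if account is not None or email in self.accounts:
            raise ValueError("token not valid for signup")
        salt = os.urandom(16)
        self.accounts[email] = {"email": email, "salt": salt, "pw": _hash(password, salt)}

    def login(self, email, password):
        acct = self.accounts.get(email)
        if acct is None or not hmac.compare_digest(acct["pw"], _hash(password, acct["salt"])):
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = acct
        return sid

    def request_email_change(self, sid, new_email):
        # Staged only: the account keeps its verified address for now.
        return self._mail_token(new_email, self.sessions[sid])

    def confirm_email_change(self, sid, token):
        # Needs the mailed token AND a session on the account; then revokes the rest.
        email, account = self.pending[token]
        if account is None or self.sessions.get(sid) is not account or email in self.accounts:
            raise PermissionError("email change not authorised")
        del self.pending[token], self.accounts[account["email"]]
        account["email"] = email
        self.accounts[email] = account
        self.sessions = {s: a for s, a in self.sessions.items() if a is not account or s == sid}
```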


How to Prevent:
Users can set up 2FA (two-factor authentication) or MFA (multi-factor authentication) on their accounts right away to reduce the chance of their accounts being pre-hijacked. Doing so will also invalidate the preceding session.


Want to Learn More About 2FA?
Feel free to check it out with us at 6295 5962 or email us at info@achievement.com.sg.