Hackers can hack your online accounts before you even register them

By Bill Toulas, Bleeping Computer

Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox.

Andrew Paverd, a researcher at Microsoft Security Response Center, and Avinash Sudhodanan, an independent security researcher, analyzed 75 popular online services and found that at least 35 are vulnerable to account pre-hijacking attacks.

These attacks vary in type and severity, but they all stem from poor security practices on the side of the websites themselves.

As some vulnerable websites run bug bounty programs, it is surprising and worrying to see that such elementary attacks are still possible against their users.


Comments

Popular posts from this blog

Ukraine targeted by DDoS attacks from compromised WordPress sites

Microsoft fixes new PetitPotam Windows NTLM Relay attack vector

Microsoft Azure outage takes down services across North America