Account Pre-hijacking
   HOME

TheInfoList



OR:

Account pre-hijacking attacks are a class of security exploit related to online services. They involve anticipating a user signing up for an online service and signing up to the service in their name, and then taking over their account when they attempt to register it themselves. Pre-hijacking was first identified as a class of vulnerabilities in 2022, based on research funded by Microsoft's Security Response Center. Out of 75 online services surveyed, 35 were found to be vulnerable to various forms of the exploit. Vulnerable services included Dropbox,
Instagram Instagram is a photo and video sharing social networking service owned by American company Meta Platforms. The app allows users to upload media that can be edited with filters and organized by hashtags and geographical tagging. Posts can ...
, LinkedIn, WordPress and Zoom. The existence of the vulnerability was reported to all the service providers before publication of the paper.


See also

* Single sign-on * Federated identity


References

Computer security exploits Hacking in the 2020s Federated identity {{computer-security-stub