HOME

TheInfoList



Click Here for Items Related To - Account Pre-hijacking
OR:
Account Pre-hijacking on:   [Wikipedia]   [Google]   [Amazon]

Account pre-hijacking attacks are a class of
security exploit An exploit (from the English verb ''to exploit'', meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanti ...
related to
online services An online service provider (OSP) can, for example, be an Internet service provider, an email provider, a news provider (press), an entertainment provider (music, movies), a search engine, an e-commerce site, an online banking site, a health site, ...
. They involve anticipating a user signing up for an online service and signing up to the service in their name, and then taking over their account when they attempt to register it themselves. Pre-hijacking was first identified as a class of vulnerabilities in 2022, based on research funded by Microsoft's Security Response Center. Out of 75 online services surveyed, 35 were found to be vulnerable to various forms of the exploit. Vulnerable services included
Dropbox Dropbox is a file hosting service operated by the American company Dropbox, Inc., headquartered in San Francisco, California, U.S. that offers cloud storage, file synchronization, personal cloud, and client software. Dropbox was founded in 2 ...
,
Instagram Instagram is a photo and video sharing social networking service owned by American company Meta Platforms. The app allows users to upload media that can be edited with filters and organized by hashtags and geographical tagging. Posts can ...
,
LinkedIn LinkedIn () is an American business and employment-oriented online service that operates via websites and mobile apps. Launched on May 5, 2003, the platform is primarily used for professional networking and career development, and allows job s ...
,
WordPress WordPress (WP or WordPress.org) is a free and open-source software, free and open-source content management system (CMS) written in PHP, hypertext preprocessor language and paired with a MySQL or MariaDB database with supported secure hypert ...
and
Zoom Zoom may refer to: Technology Computing * Zoom (software), videoconferencing application * Page zooming, the ability to magnify or shrink a portion of a page on a computer display * Zooming user interface, a graphical interface allowing for imag ...
. The existence of the vulnerability was reported to all the service providers before publication of the paper.


See also

*
Single sign-on Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-enterin ...
*
Federated identity A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. Federated identity is related to single sign-on (SSO), in which a ...


References

Computer security exploits Hacking in the 2020s Federated identity {{computer-security-stub