Plus, gift registry accounts are hacked and digital driver’s licenses are forged.

A new paper by the Microsoft Security Response Center explains account pre-hijacking, where attackers open an account with the victim’s email address then lie in wait for the victim eventually to join the site. Once the victim joins the site and breathes life into the account, the attacker takes full control, icing out the victim from their own account. Researchers noted five variations of this attack: the classic-federated merge attack, the unexpired session identifier attack, the trojan identifier attack, the unexpired email change attack, and the non-verifying IDP attack.

“These are very smart techniques, taking advantage of weak security implementation in certain websites,” commented Avast Security Evangelist Luis Corrons. “Nevertheless, although the problem is not on the user’s side, there is something we can do to avoid these kinds of attacks: always enable multi-factor authentication.” By requiring two methods to access your account, MFA keeps the user in control.

Wedding gift registry Zola acknowledged in a tweet that hackers hijacked the accounts of several users. The news first came to light a few days ago when Zola users began posting on social media about the account takeovers and multiple attempts by the criminals to make purchases using the victims’ info. The hackers used credential stuffing to access the accounts, but credit card and bank information were fortunately not exposed.