• Security US fines Twitter for sensitive data breach

Cybersecurity is the order of the day.

According to a study conducted by

Microsoft Security Response Center

researcher Andrew Pavard and Avinash Sudhodanan, hackers have been able to take advantage of security flaws to hijack accounts

even before the user finished registering.

In the analysis they have carried out, they have investigated 75 websites, of which at least

35 were vulnerable

.

Among these pages were

Instagram, LinkedIn, Zoom, WordPress or Dropbox.

By accessing this registration moment, hackers can read and modify sensitive information associated with the account, such as messages, invoices, usage history... and even impersonate the victim when using their account.

In order to gain access, hackers only need to

know the email address

.

After this, the hacker creates an account on a vulnerable site and waits for the victim to discard

the email that arrives in the inbox as

spam .

Once the email has been moved, the hacker looks for a way for the owner of the email to create the account.

The user can enable multi-step verification to prevent this type of hijacking from happening.

The researchers have notified these 35 websites and many of them

have already solved these

security problems.

Conforms to The Trust Project criteria

Know more

  • microsoft

  • LinkedIn

  • kidnappings

Keywords: