Security US fines Twitter for sensitive data breach
Cybersecurity is the order of the day.
According to a study conducted by
Microsoft Security Response Center
researcher Andrew Pavard and Avinash Sudhodanan, hackers have been able to take advantage of security flaws to hijack accounts
even before the user finished registering.
In the analysis they have carried out, they have investigated 75 websites, of which at least
35 were vulnerable
.
Among these pages were
Instagram, LinkedIn, Zoom, WordPress or Dropbox.
By accessing this registration moment, hackers can read and modify sensitive information associated with the account, such as messages, invoices, usage history... and even impersonate the victim when using their account.
In order to gain access, hackers only need to
know the email address
.
After this, the hacker creates an account on a vulnerable site and waits for the victim to discard
the email that arrives in the inbox as
spam .
Once the email has been moved, the hacker looks for a way for the owner of the email to create the account.
The user can enable multi-step verification to prevent this type of hijacking from happening.
The researchers have notified these 35 websites and many of them
have already solved these
security problems.
Conforms to The Trust Project criteria
Know more
microsoft
LinkedIn
kidnappings