Tag feed

#account-takeover

25 posts1 followers

Trending tags this week

Sweet. Just Ask Meta AI Nicely an Get Someone Else's Instagram

2d ago · 3 min read · The Bot Had The Keys Several Instagram users reported account takeovers over the weekend. The unusual part was the alleged attack path. According to reports, attackers abused Meta's AI support assista

Join discussion

NGNiranjan Gblog.securityinsights.io

0

The Hidden Threat After Login: Understanding Session Hijacking

May 25 · 6 min read · You did everything right. You turned on multi-factor authentication (MFA). You use strong passwords. Maybe you even switched to passkeys. So how did an attacker still get into your email? The answer i

Join discussion

Oosint78shemkar.hashnode.dev

0

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

Apr 26 · 6 min read · The harmless profile endpoint that taught me how real bugs work Early in my bug bounty journey, I found a bug that looked simple from the outside, but it changed the way I think about web security. At

Join discussion

SRSatyam Rastogisatyamrastogi.hashnode.dev

0

DraftKings Credential Trafficking: Post-Plea Monetization & Detection Gaps

Apr 18 · 6 min read · Originally published on satyamrastogi.com Kamerin Stokes monetized DraftKings credentials through underground marketplaces post-plea, revealing systemic gaps in credential revocation and underground market monitoring. DraftKings Credential Traffick...

Join discussion

RLRisingWave Labsrisingwave.com

0

Real-Time Features for Account Takeover Detection

Apr 7 · 13 min read · Account takeover (ATO) is the fraud vector that breaks most traditional detection systems -- not because it is technically sophisticated, but because it uses entirely valid credentials. The attacker is not forging a card number or synthesizing a fake...

Join discussion

CSCyber Safety Zoneblog.cybersafetyzone.com

0

OAuth Attacks Explained: Why U.S. Businesses Are Losing Accounts Without Password Leaks

Feb 24 · 2 min read · In today’s digital-first world, most U.S. businesses rely on OAuth to make logging in easier for users. From Google and Microsoft to Slack and Dropbox, OAuth allows users to access apps without repeat

Join discussion

LDLakshay Dhoundiyallakshaydhoundiyal.hashnode.dev

0

Ghostpairing Attack: The WhatsApp Hack That Lets Strangers Read Your Chats 👻

Feb 8 · 6 min read · Most people think WhatsApp hacks look dramatic. A locked account.A warning message.A sudden logout. But what if the most dangerous WhatsApp attack does none of that? The Ghostpairing attack is a stealthy form of WhatsApp account takeover that doesn’t...

Join discussion

ZMZeeshan M.z-sec.co

0

Reverse Account Takeover via Email Rebinding Causing Forced Privilege De-Escalation

Jan 16 · 4 min read · When we talk about account takeover, we usually imagine a familiar story: an attacker steals credentials, hijacks a session, or abuses password reset flows to log in as someone else. This write-up is about something more subtle — and arguably more da...

Join discussion

CSCyber Seklercybersekler.com

0

Password Reset Poisoning Leading to Account Takeover

Jan 16 · 2 min read · Overview During a penetration test of a Web Applications API, I discovered a vulnerability in the password reset functionality that allowed an attacker to intercept reset tokens and take over user accounts. By manipulating a user-controllable field i...

Join discussion

AHAli Hussainzadablog.koalasec.co

0

Stored XSS leads to Zero-Click Account Takeover

Jan 3 · 4 min read · Hey, yolo guys! Long time no chat! As we already know, bug bounty is a scam (just kidding 🙂). I recently started doing penetration testing for startups in my country. In this case, it was an online marketplace, where I discovered eight security vuln...

Join discussion

#account-takeover

Search Hashnode

#account-takeover

Trending tags this week

Sweet. Just Ask Meta AI Nicely an Get Someone Else's Instagram

The Hidden Threat After Login: Understanding Session Hijacking

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

DraftKings Credential Trafficking: Post-Plea Monetization & Detection Gaps

Real-Time Features for Account Takeover Detection

OAuth Attacks Explained: Why U.S. Businesses Are Losing Accounts Without Password Leaks

Ghostpairing Attack: The WhatsApp Hack That Lets Strangers Read Your Chats 👻

Reverse Account Takeover via Email Rebinding Causing Forced Privilege De-Escalation

Password Reset Poisoning Leading to Account Takeover

Stored XSS leads to Zero-Click Account Takeover