Definition
Account hijacking is a type of cyberattack in which a cybercriminal takes control of a target’s account linked to a computer device or online platform.
How Does Account Hijacking Occur?
- Password guessing: Using easy-to-guess passwords makes it easy for cybercriminals to access your accounts. They can pick up clues from your online presence, such as your social media profiles.
- Insecure password storage: Service providers have to store your password when you sign up so that they can authenticate you later. If they fail to store it securely, it is exposed to hackers who breach their systems.
- Password reuse: If you use the same password for all your accounts, a cybercriminal who gets into one account can easily access the others.
- Password theft: A cybercriminal can install malware on your device that steals your login credentials or records your keystrokes.
- Phishing: Hackers can build a convincing phishing site, complete with an SSL certificate, so that it appears authentic. The emails linking to such sites create a sense of urgency, for example by claiming that suspicious activity was detected on your account.
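As an added illustration of the insecure-storage and password-reuse points above (example code, not part of the original entry), the following Python contrasts an unsalted fast hash with a per-user salted PBKDF2 record; the usernames and passwords are constructed sample data.

```python
"""Added example (not from the original glossary entry): contrasts the
insecure password storage described above with a salted, slow hash.
All usernames and passwords below are constructed sample data."""
import hashlib
import hmac
import os

# Constructed sample sign-ups: two users happen to choose the same password,
# which is exactly the "password reuse" situation the entry describes.
SIGNUPS = [
    ("alice", "Summer2024!"),
    ("bob", "Summer2024!"),
    ("carol", "tr0ub4dor&3"),
]

def store_insecure(password: str) -> str:
    """Unsalted fast hash: the weak scheme. Identical passwords give
    identical digests, so one leaked table reveals who shares a password
    and can be matched against precomputed digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_secure(password: str, salt: bytes = b"") -> tuple:
    """Per-user random salt plus PBKDF2-HMAC-SHA256 with a high iteration
    count: identical passwords no longer produce identical records."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def verify_secure(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return hmac.compare_digest(candidate, digest)

def duplicate_count(records) -> int:
    """Number of stored records indistinguishable from another record:
    the leakage an unsalted table exposes."""
    records = list(records)
    return len(records) - len(set(records))

def demo() -> dict:
    insecure = [store_insecure(pw) for _, pw in SIGNUPS]
    secure = [store_secure(pw) for _, pw in SIGNUPS]
    return {
        "insecure_duplicates": duplicate_count(insecure),
        "secure_duplicates": duplicate_count(d for _, d in secure),
        "login_ok": verify_secure("Summer2024!", *secure[0]),
        "login_wrong": verify_secure("summer2024!", *secure[0]),
    }

if __name__ == "__main__":
    print(demo())
```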
A Real Example of Account Hijacking
In 2020, hackers took over 130 high-profile Twitter (now X) accounts to run a Bitcoin scam. Prominent individuals affected included Joe Biden, Barack Obama, Kim Kardashian, Bill Gates, and Elon Musk.
Preventing Account Hijacking
- Create robust and distinct passwords for each account.
- Configure MFA (multi-factor authentication).
- Avoid opening suspicious attachments or clicking suspicious links.