Account Takeover Methods.

CHANGE YOUR PASSWORD OR SUFFER!

All your passwords need to be changed every 6 months, and accounts you no longer use should be deleted. Linking accounts is an easy way for hackers to reach your vital points of access. In many cases people use the same password for everything, which makes it easy for the hacker: one leaked password opens every account that shares it.

Do not feel bad, I used to do the same thing, and it took 2 times getting hacked to stop doing stupid things on the internet. Be better than me.

Recent research shows 1 in 5 adults have suffered from an account takeover, and more than 24 billion account usernames and passwords are available for purchase on the dark web. In some cases, purchasing credentials isn’t necessary, as year after year the most common password is 123456, appearing in one out of every 200 passwords. THESE NUMBERS TELL THE WHOLE STORY.

CSRF stands for “Cross-Site Request Forgery.” It’s a type of security vulnerability that occurs when an attacker tricks a user’s browser into submitting an unwanted request to a website where that user is already logged in, without the user’s knowledge or consent. The browser attaches the victim’s session cookie automatically, so the target site cannot tell the forged request from a legitimate one. In the context of changing an email or password, a CSRF attack could lead to a user’s email or password being changed without their knowledge or permission if the website is not adequately protected against such attacks. To prevent CSRF attacks, web applications use anti-CSRF tokens (an unguessable per-session value that must be echoed back with each state-changing request) or other mechanisms, such as SameSite cookies, to verify the authenticity of a request.

  • Change Email/Password CSRF – The simplest ATO (account takeover) employs phishing. An attacker sends a link to the victim; when the unsuspecting user clicks it, their browser submits the email/password change request with the victim’s own session, the email/password is changed, and the attacker can take over the account.
  • OAuth CSRF – Consider a website that allows users to log in using either a classic, password-based mechanism or by linking their account to a social media profile using OAuth. In this case, if the application fails to use (and verify) the state parameter, an attacker could potentially hijack a user’s account on the client application by binding it to the attacker’s own social media account.
  • Default/Weak Credentials – Most products ship with their own default credentials for things like servers, routers, and Virtual Network Computing (VNC), and these sometimes never get changed. Many applications lack a strong password policy and will allow users to set weak passwords such as 123456.
  • Forgot your password? – Sometimes “forgot password” implementations can be vulnerable to password reset token leaks, HTTP leaks, bypassing poor security questions, Host header injection, or HTTP Parameter Pollution attacks.
  • Credential Stuffing – In this method, attackers use lists of compromised user credentials to breach a system. Bots can be deployed for automation and scale, based on the assumption that many users reuse usernames and passwords across multiple services.
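The two CSRF items above (the change-password form and the OAuth state parameter) are defeated by the same mechanism: an unguessable per-session value that the server issues before the action and checks when the request comes back. The following is an added example, not code from the original post, that shows a deliberately unprotected password-change handler beside its token-checked form, plus an OAuth account-linking callback that verifies and consumes the state value. The Session class and the form/callback dictionaries are stand-ins for a real framework’s session store and request objects (assumptions made for this example).

```python
import hmac
import secrets


class Session:
    """Minimal server-side session store (constructed stand-in for a real framework)."""

    def __init__(self):
        self.data = {}


def _equal(expected, submitted):
    """Constant-time comparison; returns False when either side is missing."""
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8"))


# --- Change-password form: vulnerable vs. protected ---------------------------

def issue_csrf_token(session):
    """Create a fresh unguessable token, store it in the session, and return it
    so the server can embed it as a hidden field in the change-password form."""
    token = secrets.token_urlsafe(32)
    session.data["csrf_token"] = token
    return token


def change_password_vulnerable(session, form):
    """No token check: any cross-site form post made by a logged-in browser succeeds."""
    session.data["password"] = form["new_password"]
    return True


def change_password_protected(session, form):
    """Reject the request unless the submitted token matches the one stored
    in this session; a forged cross-site form cannot know that value."""
    if not _equal(session.data.get("csrf_token"), form.get("csrf_token")):
        return False
    session.data["password"] = form["new_password"]
    return True


# --- OAuth account linking: the state parameter ------------------------------

def issue_oauth_state(session):
    """Generate the state value to send to the identity provider when the
    user starts the 'link my social account' flow."""
    state = secrets.token_urlsafe(32)
    session.data["oauth_state"] = state
    return state


def link_social_account_protected(session, callback_params):
    """Handle the provider callback. The state is single-use: it is removed
    from the session before checking, so both a forged callback (attacker's
    social_id with no matching state) and a replayed callback are rejected."""
    expected = session.data.pop("oauth_state", None)
    if not _equal(expected, callback_params.get("state")):
        return False
    session.data["linked_social_id"] = callback_params["social_id"]
    return True
```

The vulnerable handler is included only to make the difference visible: the protected version differs by exactly one check, and that check is what the CSRF items above are about. In a real application the token is tied to the authenticated session and the comparison uses a constant-time function, as here, so an attacker cannot learn the value one character at a time.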
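Credential stuffing has a recognisable shape in authentication logs: one source trying many different usernames in a short window, each usually once, as opposed to a brute-force run that hammers a single account. The following added example (not from the original post) implements that detection rule over a small set of constructed log lines. The log format, addresses and thresholds are assumptions chosen for the example; the sliding-window logic is what carries over to real logs.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log (RFC 5737 documentation addresses,
# invented usernames). The first source tries six different accounts in ten
# seconds (stuffing); the second fails six times on one account (brute force,
# a different pattern); the third is a normal successful login.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:03Z src=203.0.113.5 user=bob result=FAIL
2024-05-01T10:00:05Z src=203.0.113.5 user=carol result=FAIL
2024-05-01T10:00:07Z src=203.0.113.5 user=dave result=FAIL
2024-05-01T10:00:09Z src=203.0.113.5 user=erin result=FAIL
2024-05-01T10:00:11Z src=203.0.113.5 user=frank result=FAIL
2024-05-01T10:00:12Z src=198.51.100.7 user=carol result=FAIL
2024-05-01T10:00:14Z src=198.51.100.7 user=carol result=FAIL
2024-05-01T10:00:16Z src=198.51.100.7 user=carol result=FAIL
2024-05-01T10:00:18Z src=198.51.100.7 user=carol result=FAIL
2024-05-01T10:00:20Z src=198.51.100.7 user=carol result=FAIL
2024-05-01T10:00:22Z src=198.51.100.7 user=carol result=FAIL
2024-05-01T10:01:00Z src=192.0.2.9 user=alice result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict; returns None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_credential_stuffing(log_text, window_seconds=300, min_distinct_users=5):
    """Return {source: distinct_users} for every source whose failed logins
    touched at least `min_distinct_users` different usernames inside any
    `window_seconds` sliding window. The value is the largest count seen."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["result"] == "FAIL":
            failures[ev["src"]].append(ev)

    flagged = {}
    for src, events in failures.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within window_seconds.
            while (events[end]["ts"] - events[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            users = {e["user"] for e in events[start:end + 1]}
            if len(users) >= min_distinct_users:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged


if __name__ == "__main__":
    for src, n in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"possible credential stuffing from {src}: {n} distinct usernames")
```

The rule deliberately ignores the single-account source: repeated failures on one username are a brute-force signal and belong to a separate rule, and mixing the two inflates false positives. Thresholds should be tuned to the service’s normal traffic; a shared corporate NAT address can legitimately show several users in five minutes.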
