Account Compromise

Account compromise is a cybersecurity term for unauthorized access to an account. The account’s legitimate user is largely unaware of the intrusion and is at risk of losing sensitive data.

The attacker often gains access by using personal information such as login credentials, or by finding an alternative means of circumventing the account’s security.

These methods include exploiting security vulnerabilities, weak passwords, malware infections, and phishing attacks.

Methods of account compromise

  • Phishing: Scam emails, fake websites and deceptive messages are used to trick users into giving up their login details.
  • Weak passwords: Easily guessable passwords make it easier for attackers to gain access to your accounts.
  • Brute-force attacks: The attacker tries a series of password combinations until one turns out to be correct. Because of the sheer number of attempts involved, this is usually done with automated tools.
  • Malware and keyloggers: Using harmful software such as remote access trojans (RATs) and keyloggers, an attacker can hijack a user’s device and capture sensitive keystrokes such as login details.

Account compromise consequences

  • Access to private data: With the login details, the attacker can log in to the user’s account and collect private data, including confidential information.
  • Identity theft: Using the collected private information, the attacker can impersonate the user to commit fraud or even access accounts linked to the compromised one.
  • Data editing or erasure: The attacker can also edit, erase or corrupt the data in the account, resulting in service disruption and loss of data.
  • Phishing (spamming): Using the compromised account, the attacker can send phishing messages or spam emails to the user’s contacts to deceive them into giving up sensitive data as well.
  • Financial fraud: If the compromised account is connected to any financial services or online shopping, the attacker can make unauthorised transactions or steal money.

How to protect accounts

  • Use secure, unique passwords.
  • Be cautious of phishing scams.
  • Set up two-factor authentication.
  • Perform regular data backups.
  • Beware of public Wi-Fi.
  • Take note of your account activity.
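
One way to review account activity for the brute-force pattern described above, as an added example that is not part of the original page: it flags a successful login that follows a burst of failed attempts on the same account. The event format, threshold, time window and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, account, source IP, outcome).
# IP addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = (
    # alice: six failures in one minute, then a success -> should alert
    [(f"2024-01-01T09:00:{s:02d}", "alice", "192.0.2.10", "fail")
     for s in range(0, 60, 10)]
    + [("2024-01-01T09:01:00", "alice", "192.0.2.10", "success")]
    # bob: a single mistyped password, then a success -> benign
    + [("2024-01-01T08:00:00", "bob", "198.51.100.7", "fail"),
       ("2024-01-01T08:00:30", "bob", "198.51.100.7", "success")]
    # carol: five failures, but the success comes long after -> outside window
    + [(f"2024-01-01T07:0{m}:00", "carol", "203.0.113.5", "fail")
       for m in range(5)]
    + [("2024-01-01T07:30:00", "carol", "203.0.113.5", "success")]
)


def find_bruteforce_successes(events, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per successful login that was preceded by at least
    `threshold` failed logins for the same account within `window`."""
    recent_failures = defaultdict(deque)  # account -> deque of (time, ip)
    alerts = []
    # ISO timestamps in one format sort chronologically as strings.
    for ts, account, ip, outcome in sorted(events):
        when = datetime.fromisoformat(ts)
        failures = recent_failures[account]
        # Drop failures that are older than the sliding window.
        while failures and when - failures[0][0] > window:
            failures.popleft()
        if outcome == "fail":
            failures.append((when, ip))
        elif outcome == "success":
            if len(failures) >= threshold:
                alerts.append({
                    "account": account,
                    "time": ts,
                    "source": ip,
                    "failures": len(failures),
                    "failure_sources": sorted({f_ip for _, f_ip in failures}),
                })
            failures.clear()  # a success resets the count for this account
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce_successes(SAMPLE_EVENTS):
        print(alert)
```

Counting failures per account rather than per source address means attempts spread across several addresses against one account are still caught.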