Account Takeover (ATO) Attacks and Preventions

What is Account Takeover?

Account takeover is a type of identity theft where hackers take control of user accounts with stolen credentials using malicious processes or bots. A successful account takeover leads to unauthorized transactions or illegal access to sensitive resources.

How is an Account Takeover attack performed?

  1. Cybercriminals leverage the fact that users reuse passwords; their first step is obtaining a large pool of stolen credentials from multiple data breaches.
  2. Next, the hacker tests the stolen credentials against the targeted set of user accounts, either manually or using bots, until a match is found.
  3. The hacker gains access to sensitive network resources connected with the breached user account.

If the compromised user account has low privileges, hackers move laterally to gain access to other high-privilege accounts.

How can organizations secure their network resources and stop account takeover attacks?

We can combat account takeovers by ensuring users don't reuse passwords. ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on (SSO) solution. It offers advanced password policies that ensure:

  1. Users don't reuse passwords when resetting or changing passwords for Active Directory and cloud applications.
  2. Users don't use breached passwords; the product integrates with the Have I Been Pwned API service to check for them.
  3. Users don't use dictionary words, weak passwords, patterns or keyboard sequences, or palindromes.
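
The three checks in the list above, sketched in Python as an added example (not ADSelfService Plus code and not from the original page). It assumes the Have I Been Pwned "Pwned Passwords" range format (`SUFFIX:COUNT` lines returned for a 5-character SHA-1 prefix); the word list, keyboard rows, sample passwords and the `sample_range_lookup` response are constructed so that it runs offline.

```python
import hashlib, hmac, os

# Constructed sample data (assumptions, not taken from the page or the product).
DICTIONARY = {"password", "welcome", "dragon", "summer"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def sha1_hex(pw):
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()

def history_entry(pw, salt=None):
    """Store old passwords as salted PBKDF2 digests, never in the clear."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, 100_000)

def is_reused(pw, history):
    return any(hmac.compare_digest(history_entry(pw, s)[1], d) for s, d in history)

def pwned_count(pw, range_lookup):
    """k-anonymity lookup: only the first 5 hex chars of the SHA-1 leave the host."""
    digest = sha1_hex(pw)
    for line in range_lookup(digest[:5]).splitlines():
        suffix, _, count = line.strip().partition(":")
        if suffix.upper() == digest[5:]:
            return int(count)
    return 0

def has_keyboard_run(pw, n=4):
    """True if pw contains n adjacent keys from one row, in either direction."""
    low = pw.lower()
    runs = KEYBOARD_ROWS + [r[::-1] for r in KEYBOARD_ROWS]
    return any(r[i:i + n] in low for r in runs for i in range(len(r) - n + 1))

def check_password(pw, history, range_lookup):
    """Return the names of the policy rules the candidate password violates."""
    low = pw.lower()
    rules = [
        ("reused", is_reused(pw, history)),
        ("breached", pwned_count(pw, range_lookup) > 0),
        ("dictionary", any(w in low for w in DICTIONARY)),
        ("keyboard_sequence", has_keyboard_run(pw)),
        ("palindrome", len(low) > 2 and low == low[::-1]),
    ]
    return [name for name, violated in rules if violated]

def sample_range_lookup(prefix):
    """Constructed stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    breached = sha1_hex("Tr0ub4dor&3")  # constructed "known breached" password
    hit = [breached[5:] + ":1842"] if breached.startswith(prefix) else []
    return "\r\n".join(["0" * 35 + ":3"] + hit)  # first entry is constructed filler
```

In production, `range_lookup` would issue the HTTPS request for the prefix; the password and its full hash never leave the host.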


Protect your business against account takeover with ADSelfService Plus.

Self-service password management and single sign-on solution

ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.