Half of America had their identity stolen in 2017, and barely anyone talks about it. Equifax, one of the largest credit reporting agencies in the U.S., was breached by hackers. And this wasn’t just a basic leak. Equifax holds some of the most sensitive data in the country, Social Security numbers, birthdays, driver’s licenses, addresses, everything a hacker needs to steal your identity. In total? 147 million Americans were exposed. That’s nearly half the adult population of t

Session Hijacking (also known as session stealing) is a common attack method used to take over a user's session. Taking over a session means the attacker (hacker) can impersonate you when you're logged into a website or application. This allows the attacker to perform any action you can, such as sending messages to your friends or accessing your private information, all without needing your password or MFA. What is Session Hijacking? Session Hijacking occurs when someone (typ

Discord, a popular media platform, uses tokens to allow you to connect and stay connected to your account. This is a session token, and they often reset each session. This means if someone gets access to your Discord token, they essentially have access to your Discord account — no password needed. What Happens When Someone Gets Your Token? When someone else gets your token, they are then able to: Log into your account without needing your username or password. Bypass two-fact

In 2023, a corporation known as 23andMe suffered multiple credential stuffing attacks to their users. 23andMe collects genetic DNA information to match with others. The credential stuffing attack led to 5.5 million records and profiles ending up online. ( Bitdefender, 2023 ) What Is Credential Stuffing? Credential stuffing is a type of attack that mainly exploits users' inadequate security habits. Typically, when a user registers for a service, they input login details. It is