What is Account Hijacking?
Account hijacking is a fraudulent action that aims to take over a user’s account on an application to access their information, publish content in their name or commit fraud.
Phishing, malware and the use of weak passwords are some of the main attack vectors used to commit this fraud.
The OWASP security methodology identifies account hijacking as one of the main controls to evaluate in applications. Using two-factor authentication often helps to contain this type of attack.