Account hijacking has sadly become a regular, everyday occurrence. But when it comes to hijacking accounts before they are even created? That’s something you’d never think possible—but it is.
Two security researchers, Avinash Sudhodanan and Andrew Paverd, call this new class of attack a “pre-hijacking attack.” Unfortunately, many websites and online services, including high-traffic ones, are not immune to it. In fact, the researchers found that more than 35 of the 75 most popular websites are vulnerable to at least one pre-hijacking attack.