Account takeover
Coverage of Account takeover in the Nexus archive.
- Someone used my email to create a Walmart account; I cannot access
Someone used the user's email to create a Walmart account and place an order without their knowledge. The user cannot access the account due to a linked phone number they do not have and has contacted Walmart's abuse email to request account deletion.
- Zapier fixes bug chain that researchers say risked widespread account takeover
Security researchers at Token Security discovered a chain of five vulnerabilities in Zapier that could have allowed attackers to gain access to millions of user accounts and connected systems without malware or insider access. The flaws, which exploited weaknesses in code execution and credential storage, could have enabled malicious actors to impersonate users and manipulate integrations with third-party services. The vulnerabilities were responsibly disclosed through Zapier's bug-bounty program and have since been patched.
- Fraud Rockets Higher in Mobile-First Latin America
Fraud rates are rising sharply in Latin America, where cybercriminals exploit mobile-first environments. Attackers rapidly transition from compromised devices to account takeover and funds transfer, often outpacing financial institutions' response capabilities.