account-takeover
Safeguard articles tagged "account-takeover" — guides, analysis, and best practices for software supply chain and application security.
17 articles
Compromised NuGet author accounts
NuGet maintainer accounts are the .NET supply chain's weakest link. Here's why account takeover beats typosquatting, and how to detect it before a CVE exists.
lottie-player npm supply chain compromise
A phishing-driven npm token takeover pushed a crypto wallet drainer into lottie-player, hitting 94K weekly downloads before LottieFiles shipped a fix.
Weak Password Recovery Mechanisms
From Sarah Palin's 2008 Yahoo hack to the 2014 iCloud photo leak, weak password recovery flows keep giving attackers account takeover without a password.
Roku Credential Stuffing Attacks Compromise 576,000 Accounts
In April 2024, Roku disclosed that two separate credential stuffing campaigns had compromised approximately 576,000 customer accounts, with attackers making fraudulent purchases and changing account details on some affected accounts.
General Motors Credential Stuffing Attack: Loyalty Points Theft at Scale
Attackers used credential stuffing to compromise GM customer accounts, stealing reward points and personal data — a reminder that password reuse remains one of the most exploitable habits in cybersecurity.