Hijacking of Accounts is still a possibility
The new set of issues in account hijacking are mainly split into two :
- Remote access to sensitive data on the cloud through obtained login information
- Falsification and manipulation of information through hijacked accounts
Other methods of hijacking are not excluded. They include scripting bugs and reused passwords, as well as cross-site scripting but also phishing, keylogging, buffer overflow, and man in the cloud attack. This is the most notable new threat. It involves the theft of user tokens used in cloud structures in order to verify individual devices without requiring logins during each update and sync.