Account compromise
Account compromise is a cybersecurity incident in which an unauthorized party gains control over a legitimate user's digital account and its associated resources. This type of breach typically results from successful phishing campaigns, credential stuffing or brute-force attacks, malware designed to harvest login credentials, or the exploitation of authentication vulnerabilities. Once compromised, threat actors can impersonate the legitimate user to access sensitive data, financial systems, or privileged network resources.
From an incident response perspective, account compromise is a critical event requiring immediate action, including containment, credential reset, and forensic investigation. A compromised account can serve as a launchpad for data exfiltration, financial fraud, lateral movement, and deeper infiltration of an organization's infrastructure. Mitigating this risk demands robust identity and access management (IAM), multi-factor authentication (MFA), continuous monitoring, and well-defined incident response protocols to ensure rapid detection and recovery.
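The continuous monitoring mentioned above can be illustrated with a small detection pass over authentication events. This is an added example, not part of the original entry: the event tuples are constructed sample data, and the field layout, the 10-minute window and the threshold of 5 failures are assumptions chosen for illustration. It flags a successful login that follows a burst of failures from the same source and labels the burst as brute force (one account guessed repeatedly) or credential stuffing (many accounts tried).

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
FAIL_THRESHOLD = 5              # assumed failures needed before a success is suspicious


def _ts(minute, second=0):
    return f"2024-05-01T10:{minute:02d}:{second:02d}"


# Constructed sample events: (timestamp, source_ip, username, outcome)
EVENTS = (
    [(_ts(0, i * 5), "198.51.100.20", "alice", "fail") for i in range(6)]
    + [(_ts(0, 40), "198.51.100.20", "alice", "success")]
    + [(_ts(2, i), "203.0.113.7", u, "fail")
       for i, u in enumerate(["dave", "erin", "frank", "grace", "heidi"])]
    + [(_ts(2, 30), "203.0.113.7", "bob", "success")]
    + [(_ts(5), "192.0.2.10", "carol", "fail"),       # ordinary typo, then success
       (_ts(5, 20), "192.0.2.10", "carol", "success")]
)


def detect_suspicious_logins(events, window=WINDOW, threshold=FAIL_THRESHOLD):
    """Return alerts for successes preceded by a failure burst from the same IP."""
    failures = defaultdict(list)  # source_ip -> [(time, username)]
    alerts = []
    for ts, ip, user, outcome in sorted(events):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        # Drop failures that have aged out of the look-back window.
        failures[ip] = [(t, u) for t, u in failures[ip] if now - t <= window]
        if outcome == "fail":
            failures[ip].append((now, user))
            continue
        recent = failures[ip]
        if len(recent) < threshold:
            continue
        targeted = {u for _, u in recent}
        # Many distinct usernames from one source looks like credential stuffing;
        # repeated guesses against few accounts looks like brute force.
        pattern = "credential_stuffing" if len(targeted) >= threshold else "brute_force"
        alerts.append({"time": ts, "ip": ip, "account": user,
                       "pattern": pattern, "prior_failures": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_logins(EVENTS):
        print(alert)
```

Each alert names the account that should be treated as potentially compromised, which is the input to the containment and credential-reset steps described above.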