Samsung fixes flaws that could have let attackers hijack your account

A recently patched trio of flaws in Samsung’s mobile site was leaving users vulnerable to attackers who could have reset their user passwords and hijacked their accounts, The Register reports.

The flaws were found by security researcher Artem Moskowsky, who said that they were all cross-site request forgery (CSRF, also written XSRF) bugs. Moskowsky said that the problem lay in the way the Samsung.com account page handled password-reset security questions.

Read more on Naked Security about the Samsung flaw, which could have enabled an attacker to access user profiles, change information such as usernames, or even disable two-factor authentication (2FA), change passwords and thereby steal accounts.