Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Response Processors: Login Processor: Incident - Site Login User Sharing

    Complexity: Low (2.0)

    Default Response: None.

    Cause: The login processor is designed to protect the login dialog of the website. It works by monitoring all login attempts and identifying suspicious and malicious events. This specific incident is triggered when multiple clients log into the same account. Both successful and unsuccessful attempts are counted for this incident. Depending on the nature of the protected site, this can be perfectly acceptable behavior, however on some sites this type of behavior can indicate abuse.

    Behavior: Many websites provide a way for users to authenticate so that their experience and data can be customized specifically for them. In the case of this incident, credentials for one of those accounts have been distributed to multiple clients and two or more of those clients are logging into the account. Unless the website expects users to share credentials, this would generally indicate a situation where the credentials for an account have been compromised and the account has been hijacked. Additional follow up can be required to recover the account (such as changing the password or locking the account until the actual owner contacts the administrators to resolve the issue).

    Published: 2015-02-04