Unveiling the Dominant Cyber Threat of 2023: Valid Account Compromise Takes Center Stage


In today’s digital age, our online presence is more vulnerable than ever to cyber threats. With the recent release of the IBM X-Force Threat Intelligence Index report, alarming statistics have surfaced, revealing a significant surge in valid account compromises as the primary method for cyber attackers to gain unauthorised access. In 2023 alone, there was a staggering 71% increase in such attacks, constituting nearly one-third of global cyber breaches. This underscores the urgent need for individuals and organisations alike to fortify their digital defences and promptly respond to suspected compromises.

What is valid account compromise?

Firstly, we need to understand the threat that we face. A valid account compromise refers to a situation where a cyber attacker successfully gains unauthorised access to a legitimate user account. In other words, the attacker is able to obtain the login credentials (such as username and password) of a genuine user through various means, such as phishing attacks, credential stuffing, or exploiting vulnerabilities in the system.

Once the attacker gains access to a valid account, they can exploit it for malicious purposes, such as stealing sensitive information, conducting fraudulent activities, spreading malware, or launching further attacks within the system or network.

Valid account compromises are a significant concern for individuals and organisations alike because they often provide attackers with a foothold to perpetrate more extensive and damaging cyber attacks. This type of compromise underscores the importance of implementing robust security measures, such as strong passwords, multi-factor authentication, and regular security awareness training to mitigate the risk of unauthorised access and protect against potential breaches.

What to do if you fall foul of valid account compromise?

  1. Change Your Password: If you suspect that your account has been compromised, the first step is to change your password immediately. Opt for a strong, unique password that is not used for any other accounts to prevent further exploitation.
  2. Revoke sessions: When changing a password, users often encounter a “log me out of all devices” option, which effectively revokes all active sessions. This action indiscriminately logs out any unauthorised users, even if they’ve previously opted to stay logged in. Though it may involve technicalities like preventing the reuse of cookies or sessions, the practical outcome is straightforward: once an attacker is logged out, attempting to regain access with the changed password becomes futile.
  3. Enable Two-Factor Authentication (2FA): Enhance your account security by enabling two-factor authentication. This additional layer of verification significantly reduces the risk of unauthorised access, requiring a secondary code alongside your password for login.
  4. Monitor for Suspicious Activity: After updating your password and enabling 2FA, vigilantly monitor your account for any signs of unauthorised activity. Be on the lookout for suspicious login attempts, unfamiliar account actions, or unexpected purchases.
  5. Review Password Reuse: If you’ve used the compromised password elsewhere, particularly associated with the same email or username, repeat the above steps for each potentially affected account. Hackers often exploit reused credentials across multiple platforms.
  6. Utilise a Password Manager: Simplify password management and bolster security by utilising a password manager. These tools generate and store complex, unique passwords for all your accounts, minimising the risk of compromise.
  7. Report it to the necessary colleagues: If a corporate account is compromised, sensitive data may have been exposed. Inform the data protection officer immediately. Conduct a thorough data impact analysis to assess potential breaches and involve the IT department to initiate appropriate incident response protocols.

Stay Vigilant Against MFA Bypass Attempts

Remain vigilant for signs of multi-factor authentication bypass attempts. Multiple push notifications from an authenticator app could indicate a compromised username and password combination. Never accept unknown authentication requests and promptly change your password in line with recommended guidelines.

Act Swiftly to Mitigate Risks

Time is of the essence when responding to a suspected account compromise. Acting swiftly to secure your account significantly reduces the likelihood of severe consequences stemming from the breach. You don’t have to go it alone. Managed Cyber Security Service Providers such as norm. have the tools and capabilities to immediately isolated affected devices and assist with the above mitigating actions.


In conclusion, safeguarding your digital accounts requires proactive measures and swift responses to potential threats. By implementing robust security practices and staying informed about emerging threats, individuals and organisations can minimise the risk of account compromises and protect sensitive data from malicious actors. Remember, staying vigilant is key to staying one step ahead of cyber adversaries.

Daniel russell headshot

Written by Daniel Russell

Daniel Russell is a seasoned cyber security professional serving as the Principal Analyst for Threat Intelligence at NormCyber. With extensive experience in threat intelligence analysis, Daniel is dedicated to staying ahead of evolving cyber threats and developing effective mitigation strategies. His comprehensive understanding of emerging threats and strong analytical skills empower norm.’s clients to proactively defend against cyber attacks.