A recent revelation highlights a new cybersecurity risk: attackers can gain access to sensitive accounts without needing a user's password. Instead, they are exploiting routers to intercept authentication tokens.
Source: Russia hacks routers for tokens.
This method bypasses traditional password-based security by stealing the tokens that services use to keep users logged in. Once a token is compromised, attackers can access accounts as if they were the legitimate user, often without triggering any alarms.
The technique underscores the importance of securing home and office routers, as these devices become prime targets for credential theft. Experts recommend enabling encryption, changing default passwords, and keeping router firmware up to date to mitigate such attacks.