ACSIA Help Center

What is a "possible account compromise"?


Overview

This article explains the ACSIA alert called "possible account compromise".


Explaining possible account compromise

In the context of cybersecurity, "Possible account compromise" means there is a suspicion or indication that someone may have gained unauthorized access to a user's online account or system. It suggests that the account's security might have been breached or compromised.

Let's consider an example involving SSH (Secure Shell), a common method for accessing remote systems securely.

Imagine you have a server that you use for hosting websites and other online applications. You typically access this server using SSH, which allows you to establish a secure and encrypted connection to the server over the Internet. With SSH, you can execute commands on the remote server as if you were physically present.

One day, you notice some unusual activity on your server. For instance, you may find unexpected log entries showing failed SSH login attempts from various IP addresses you don't recognize. This could be an indication of a possible account compromise.

In this scenario, ACSIA might trigger a warning indicating "Possible account compromise." The warning is prompted by unusual behavior, such as repeated login attempts from unknown sources, which may suggest that someone is attempting to gain unauthorized access to your server.
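The pattern described above, as an added example that is not ACSIA's detection logic or code from this article: it parses constructed sshd log lines, counts failed logins per account from IPs outside an assumed allow-list, and goes one step beyond the text by marking a successful login that follows those failures. The function name `review_accounts`, the `known_ips` allow-list, the threshold of 3, and the sample lines are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation IP ranges), not real data.
SAMPLE_LOG = """\
Jan 10 03:12:01 web01 sshd[2211]: Failed password for admin from 203.0.113.5 port 50122 ssh2
Jan 10 03:12:04 web01 sshd[2213]: Failed password for admin from 198.51.100.7 port 41880 ssh2
Jan 10 03:12:09 web01 sshd[2215]: Failed password for invalid user test from 203.0.113.5 port 50130 ssh2
Jan 10 03:12:15 web01 sshd[2219]: Failed password for admin from 192.0.2.44 port 39012 ssh2
Jan 10 03:12:21 web01 sshd[2222]: Failed password for admin from 203.0.113.5 port 50141 ssh2
Jan 10 03:13:02 web01 sshd[2230]: Accepted password for admin from 192.0.2.44 port 39020 ssh2
Jan 10 09:00:11 web01 sshd[3100]: Accepted publickey for deploy from 10.0.0.8 port 52210 ssh2
"""

# Matches both "Failed password for admin ..." and
# "Failed password for invalid user test ..." as written by OpenSSH.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_accounts(log_text, known_ips=frozenset(), min_failures=3):
    """Return accounts with at least min_failures failed logins from unknown IPs."""
    stats = defaultdict(
        lambda: {"failed": 0, "sources": set(), "success_after_failures": False}
    )
    for line in log_text.splitlines():
        m = EVENT.search(line)
        # Skip non-login lines and anything from the allow-listed addresses.
        if not m or m["ip"] in known_ips:
            continue
        entry = stats[m["user"]]
        if m["result"] == "Failed":
            entry["failed"] += 1
            entry["sources"].add(m["ip"])
        elif entry["failed"] >= min_failures:
            # A login that succeeds after repeated failures deserves priority review.
            entry["success_after_failures"] = True
    return {
        user: {**e, "sources": sorted(e["sources"])}
        for user, e in stats.items()
        if e["failed"] >= min_failures
    }

if __name__ == "__main__":
    for user, finding in review_accounts(SAMPLE_LOG, known_ips={"10.0.0.8"}).items():
        print(user, finding)
```
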

ACSIA alerts you when an account is possibly compromised. Here's all the information that ACSIA shows you in the Live Notification:

Also, on the right of the above screen, we can see the actions that a user can perform in such cases.

ACSIA can detect a possible account compromise only on machines where it is installed. In other words, ACSIA can't detect an account that was compromised before ACSIA was installed on your machines.
