★ security glossary
Creator Security Glossary
The security terms every creator should know — no jargon, just clear definitions.
- Account Takeover (ATO)
- When an attacker gains control of one of your accounts and locks you out, often to scam your audience or steal data. Read the guide →
- Credential Stuffing
- An automated attack that tries email-and-password pairs leaked from one breach across many other sites, exploiting reused passwords. Read the guide →
- Dark Web Monitoring
- A service that scans breach dumps and underground markets for your data and alerts you when it appears, so you can react early. Read the guide →
- Data Broker
- A company that compiles and sells your personal details — name, address, phone, relatives — assembled from public records and purchases. Read the guide →
- Doxxing
- Publishing someone's private information, like a home address or real name, to enable harassment. Read the guide →
- Infostealer Malware
- Malicious software that scrapes saved passwords and browser session cookies from an infected device and sends them to an attacker. Read the guide →
- Passkey
- A passwordless login tied to your device and unlocked with your face, fingerprint, or PIN — phishing-resistant and nothing to leak. Read the guide →
- Phishing
- A scam that tricks you into entering your login or details on a fake page or message that imitates a service you trust. Read the guide →
- Session Token
- A cookie your browser stores to keep you logged in. If stolen, it lets an attacker resume your session without your password or 2FA. Read the guide →
- SIM-Swap Attack
- When a scammer convinces your carrier to move your phone number to their SIM, intercepting the SMS codes used for 2FA. Read the guide →
- Two-Factor Authentication (2FA)
- A login step that requires a second proof of identity — an app code, passkey, or text — on top of your password. Read the guide →