Vaultjacking
A new class of identity attack: one compromised PIN or recovery flow, and an attacker owns every passkey, certificate and session in the victim's synced credential vault.
What is vaultjacking?
Vaultjacking is a class of attack in which a single compromise of a user's credential vault — protected by a short PIN or recoverable secret — gives the attacker control of every passkey, certificate, session token and signing key stored inside it. Because the vault becomes the single point of failure, a six-digit PIN that protects a hundred passkeys is functionally a six-digit PIN protecting your entire identity surface.
The risk grew sharply in 2025-2026 as synced passkey vaults from Google, Apple and Microsoft became the default consumer credential store, and as AI agents began holding long-lived tokens on behalf of users. Schutz IT tracks the evolution of vaultjacking attacks and the PKI and Azure CIAM controls that defend against them.
Vaultjacking research & analysis
VaultJacking: One PIN Breaks All Passkeys
A new phishing technique, VaultJacking, demonstrates how capturing a single Google Password Manager PIN can expose an entire vault of passkeys and passwords, even those deemed phishing-resistant.
VaultJacking: 6-Digit PIN vs Google Passkeys
VaultJacking exploits Google’s synchronization to compromise passkeys via a single PIN. Learn how this AiTM attack works and how to protect enterprise credentials.
VaultJacking: AI-Powered Session Hijacking
VaultJacking exploits the underlying sync infrastructure of Google Password Manager, bypassing FIDO2 and passkey protections with a single PIN.
Vaultjacking FAQ
What is vaultjacking?
Vaultjacking is a class of attack in which a single compromise of a user's local credential vault — typically protected by a short PIN or recoverable secret — gives the attacker control of every passkey, certificate, session token and signing key stored inside it. Because the vault becomes the single point of failure, a six-digit PIN that protects a hundred passkeys is functionally a six-digit PIN protecting your entire identity surface.
How is vaultjacking different from credential theft?
Classic credential theft steals one password or one session at a time. Vaultjacking targets the *container* that holds many credentials. Once the vault is unlocked, the attacker silently exports or impersonates every passkey and certificate inside it — no MFA prompt, no anomalous login, often no log entry visible to the SOC.
Why do passkeys and synced credentials make this worse?
Synced passkey vaults (Google, Apple, Microsoft and password-manager vendors) replicate credentials across every device the user signs into. That convenience is exactly what attackers exploit: one compromised PIN or recovery flow unlocks the vault on a device the attacker controls, and the synced passkeys ride along. Without device-bound credentials and proper PKI for high-value identities, the entire vault is portable.
How do AI agents change the vaultjacking risk?
AI agents that act on behalf of users need persistent access to identity material — tokens, passkeys, and signing keys. If those agent identities are stored in the same vault as a user’s personal passkeys, an AI session hijack escalates immediately into a full vaultjack. Treating machine and agent identities as first-class PKI subjects, with separate keys and short-lived certificates, is the cleanest defence.
How do you defend against vaultjacking?
Three layers: (1) device-bound, hardware-backed credentials for high-value identities — administrators, signers, AI agents — so they cannot be exported from one device to another; (2) short-lived certificates and continuous access evaluation, so a stolen credential expires before it can be exploited at scale; (3) governance of the vault itself — recovery flow hardening, PIN strength policy, and visibility into who/what has unlocked the vault.
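Layer (1) above is enforceable on the relying-party side: WebAuthn authenticator data carries a "backup eligible" (BE) flag and a "backup state" (BS) flag that tell the server whether a passkey can be, or currently is, synced to a vault. The following is an added example, not Schutz IT's code or any vendor's API; it parses the fixed authenticator-data header and rejects backup-eligible passkeys for high-value identities (administrators, signers, agents). The relying party ID `example.com` and the sample authenticator data are constructed for the demonstration.

```python
import hashlib
import struct

# WebAuthn authenticator-data flag bits (flags byte at offset 32).
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (PIN/biometric on the authenticator)
FLAG_BE = 0x08  # backup eligible: credential may be synced to a vault
FLAG_BS = 0x10  # backup state: credential is currently backed up / synced
FLAG_AT = 0x40  # attested credential data follows the header
FLAG_ED = 0x80  # extension data follows


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Parse the 37-byte fixed header: rpIdHash (32) | flags (1) | signCount (4, big-endian)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    sign_count = struct.unpack(">I", auth_data[33:37])[0]
    return {
        "rp_id_hash": rp_id_hash,
        "flags": flags,
        "user_verified": bool(flags & FLAG_UV),
        "backup_eligible": bool(flags & FLAG_BE),
        "backup_state": bool(flags & FLAG_BS),
        "sign_count": sign_count,
    }


def evaluate_credential(auth_data: bytes, rp_id: str, high_value: bool) -> tuple:
    """Return (accept, reason). High-value identities must present a UV'd, device-bound credential.

    A backup-eligible passkey is, by definition, one a synced vault can export to
    another device, which is exactly the property a vaultjack exploits.
    """
    parsed = parse_authenticator_data(auth_data)
    if parsed["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not parsed["user_verified"]:
        return False, "user verification (UV) not performed"
    if high_value and parsed["backup_eligible"]:
        return False, "backup-eligible (synced) credential not allowed for high-value identity"
    return True, "accepted"


def make_auth_data(rp_id: str, flags: int, sign_count: int = 1) -> bytes:
    """Build a constructed authenticator-data header for testing (no attested credential data)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    rp = "example.com"  # assumed relying party ID
    synced = make_auth_data(rp, FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS)
    bound = make_auth_data(rp, FLAG_UP | FLAG_UV)
    for label, data in (("synced passkey", synced), ("device-bound passkey", bound)):
        for high in (False, True):
            print(label, "high_value=%s" % high, evaluate_credential(data, rp, high))
```

This check complements, rather than replaces, the usual WebAuthn verification (challenge, origin, signature and attestation); its value is that a synced passkey is refused at registration for roles where vault portability is unacceptable, while ordinary users keep the convenience of sync. Logging the BE/BS state per credential also gives the SOC the visibility that layer (3) asks for.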
Worried about vaultjacking in your organisation?
Schutz IT assesses passkey, PKI and credential-vault posture for regulated enterprises and builds the controls to defend against modern identity attacks.