What is an Account Takeover?

Back to learning

Account takeovers (ATOs) are security breaches where unauthorised users gain access to legitimate accounts. These attacks pose a serious threat to both individuals and organisations, compromising personal data, finances, and sometimes even national security. The impact of ATOs is far-reaching, affecting not just the account owner but also their contacts and anyone related to the compromised data.

How Account Takeovers work

The attack starts with unauthorised access. This can occur in various ways:

1. Phishing Attacks: Attackers trick users into revealing login credentials by posing as trusted entities.
2. Credential Stuffing: Using previously leaked credentials to gain access, relying on people's tendency to reuse passwords.
3. Brute Force: Manually or automatically trying multiple combinations to crack the user's password.
4. Social Engineering: Manipulating customer service agents or people who have account access into revealing details or resetting passwords.
5. Keylogging: Malware records the keystrokes of the user, capturing usernames and passwords.

Impact and Consequences

The consequences of an account takeover can be severe:

1. Financial Loss: Immediate financial loss from unauthorised purchases or theft of funds.
2. Identity Theft: Using the stolen account for fraudulent activities.
3. Data Leakage: Personal or sensitive data, including messages, contacts, and photos, can be leaked or sold.
4. Reputation Damage: Attackers can use the account to send out spam or harmful content, tarnishing the individual's or company’s reputation.
5. Business Risks: For business accounts, there’s a risk of confidential data leaks, intellectual property theft, and financial loss.

There has been a recent rise in account takeover attacks using compromised accounts to bypass anti fraud detection. By taking over an existing account that has a purchase history, the attacker can change the delivery address and place an order, sometimes using a stored credit card, bypassing the antifraud measures a website might have on new accounts.

Stopping Account Takeover Attacks

Account takeovers are a growing threat, but there are defensive strategies to mitigate risks:

1. Multi-Factor Authentication: Implementing an additional layer of security like SMS or app-based tokens significantly reduces the chances of unauthorised access.
2. Regular Monitoring: Check account activities regularly and set up alerts for unusual activities, eg a login from a new device or country.
3. Bot Management: Prevent takeover attacks by limiting bot access to login forms.
4. Advanced Rate Limiting: Limit the amount of attempts at logins based on criteria more than just the IP address, eg country, fingerprint(s), ASN, etc