Everybody has cybersecurity tales involving relations. Here is a comparatively widespread one. The dialog normally goes one thing like this:
“The strangest factor occurred to my streaming account. I bought locked out of my account, so I needed to change my password. Once I logged again in, all my exhibits had been gone. Every little thing was in Spanish and there have been all these Spanish exhibits I’ve by no means seen earlier than. Is not that bizarre?”
That is an instance of an account takeover assault on a buyer account. Usually what occurs is {that a} streaming account is compromised, in all probability as a consequence of a weak and reused password, and entry is resold as a part of a typical digital black market product, typically marketed as one thing like “LIFETIME STREAMING SERVICE ACCOUNT – $4 USD.”
Within the grand scheme of issues, it is a comparatively delicate inconvenience for many prospects. You’ll be able to reset your credentials with a a lot stronger password, name your financial institution to problem a brand new bank card and be again to binge-watching The Crown in brief order.
However what occurs when related incidents happen 1000’s of occasions day by day internationally’s hottest internet purposes?
The Hidden Scale of Account Takeovers (ATO)
Flare’s latest report, The Account and Session Takeover Economic system, reveals simply how widespread and dear this problem has turn out to be. Industries like e-commerce, gaming, productiveness SaaS, and streaming are significantly hard-hit, every seeing over 100,000 newly uncovered accounts per 30 days.
The report discovered a median account takeover publicity fee of 1.4% amongst platforms starting from 5 million to 300 million customers. Of specific concern is the rise in session hijacking—a way that enables attackers to bypass multi-factor authentication (MFA) by stealing session cookies, typically by way of infostealer malware.
Returning to the streaming instance, it is seemingly that the attacker did not even must log in with a password. With an energetic session token in hand, they merely injected it right into a browser utilizing an anti-detect instrument and gained full entry—with out triggering alerts or MFA challenges.
A serious leisure or e-commerce platform with tens of millions of customers—Netflix, Epic Video games, or Wayfair—can conservatively anticipate 1000’s of buyer accounts to be susceptible to takeover at any given time.
 |
| Common New Uncovered Accounts (Month-to-month) – Scaled View from Flare’s The Account and Session Takeover Economic system Report |
What is the Actual Price of an ATO
The financial toll of ATOs is troublesome to completely quantify, however Flare’s report breaks it down into three main classes: labor, fraud, and buyer churn.
Let’s revisit the streaming instance from earlier. Some customers might chalk the problem as much as dangerous luck and stick round for the subsequent season of Stranger Issues. Others, nonetheless, might cancel out of frustration—particularly once they’ve already needed to reset passwords, cope with bank card points, or just really feel their belief has been violated. A 2023 report from fraud prevention firm Sift discovered that 73% of customers imagine the model—not the consumer—is liable for stopping ATOs.
We have used streaming for instance on this article due to their cultural significance in world leisure, however we do not make any assumptions about their safety posture, breach historical past, or enterprise practices.
To grasp the potential enterprise impression, think about a fictional leisure streaming service. If there are 100 million paying prospects at $120 per 12 months…
- If 0.5% of accounts are taken over—about one-third of the median publicity fee—that is 500,000 affected customers.
- If even 20% of these customers churn, the corporate stands to lose $12 million in annual income.
- In a worst-case situation the place 73% stroll away, the loss grows to $44 million.
That is all very tough “again of serviette” math however it gives a place to begin for quantifying the monetary dangers related to ATOs.
Keep in mind, that is only a churn danger. Fraud-related losses are a separate dialogue fully! Now extrapolate this problem throughout the tons of of internet purposes that service tens of millions of day by day customers.
 |
| Price of ATOs & Fraud Mechanism Per Business |
Suggestions for ATO Prevention
1. Monitor the Infostealer Ecosystem
Whereas ransomware grabs headlines, infostealer malware is fueling the vast majority of credential-based assaults. Flare’s knowledge exhibits a 26% year-over-year enhance in exposures involving stolen credentials and session cookies.
In keeping with Verizon’s 2025 Information Breach Investigations Report (DBIR), 88% of fundamental internet app assaults contain stolen credentials, demonstrating how central infostealers are to trendy account takeover operations.
2. Detect and Remediate Uncovered Accounts
Organizations can dramatically cut back ATO danger by combining real-time infostealer intelligence with their id and entry administration methods. This allows the detection and remediation of accounts which were compromised—particularly these with legitimate session cookies, which permit attackers to bypass authentication fully.
Proactive monitoring and auto-remediation can stop account abuse earlier than it impacts buyer expertise or bottom-line metrics.
3. Talk a Safety-First Method
Introducing friction—like pressured password resets—can really feel dangerous for buyer expertise. However most customers anticipate firms to not solely defend their knowledge but in addition talk any points.
Additionally from Sift’s report- solely 43% of ATO victims had been notified by their firm that their account had been compromised. Prospects who expertise this fraud however aren’t notified might really feel like the corporate is just not conscious of account takeovers or have steps to assist them out.
By clearly speaking the aim behind these measures, organizations can reframe proactive safety as a value-added function. Transparency round ATO dangers helps prospects really feel safer—and extra loyal—over time.
In regards to the Creator: Nick Ascoli is the Director of Product Technique at Flare and an skilled menace researcher who’s acknowledged for his experience in knowledge leaks, reconnaissance, and detection engineering. Nick is an energetic member of the cybersecurity neighborhood contributing to open-source tasks, commonly showing on podcasts (Cyberwire, Merely Cyber, and so forth.) and talking at conferences (GrrCON, B-Sides, DEFCON Villages, SANS, and so forth.)
