New solution helps prevent account takeovers


Account takeover (ATO) attacks increased 24 percent in the second quarter of 2024 compared to the same period last year, according to AI-powered anti-fraud platform Sift.
Account takeovers accounted for losses of almost $13 billion in 2023. To combat the problem, Sift’s latest quarterly product update features an enhanced solution to protect businesses from ATO fraud throughout the entire consumer journey.

Flaw in social login could expose billions to account takeover


New research from Salt Labs highlights API security vulnerabilities uncovered in the social sign-in and Open Authentication (OAuth) implementations of multiple online companies.
Sites affected include Grammarly, Vidio, and Bukalapak. The flaw has now been fixed but could have allowed for credential leakage and enabled full account takeover. Salt Labs also reports that thousands of other websites using social sign-in mechanisms are likely to be vulnerable to the same type of attack, putting billions of individuals around the globe at risk.

The evolution of identity-based fraud: Why ATO attacks are at the top of the list


Digital identity is the new currency, and adversaries are chasing wealth. Research shows that 61 percent of data breaches are the result of compromised credentials. Using legitimate credentials is a common fraudster tactic: it lets them avoid detection while they gather intelligence and stolen data that will allow them to undertake further fraudulent transactions.
Access control is fundamental to the defense of systems, but it has its limits. Attackers are continuously trying to circumvent these systems to access accounts, with login and payment flows frequently targeted. This is why many organizations have invested in anti-fraud technologies to detect and mitigate such attacks.