Loyalty Reward Program
Introduction
This case study will showcase a real assessment of the threats we discovered, and exactly how exactly Fractal Security Solutions could have helped a popular beauty retailer detect bad actor attacks early, taken the necessary measures, and prevent over $11m in losses due to account takeover.
Problem
Fractal Security was initially alerted this organization was under attack in January 2024. We received an alert showing 16,000 new customer accounts had been breached and sold on bad actor marketplaces. This was flagged because it was a 1600% increase compared to the last month. Based on the accounts for sale we estimated $250,000 in rewards were at risk from this intial attack. This direct cost from these rewards at risk can be directly felt both in loss of inventory and reimbursement to affected customers.
Our fraud analyst team was immediately dispatched and in 48hrs discovered the vulnerabilities that led to the initial attack, as well as the methods illegitament customers were using to purchase products fraudulently.
The initial intel found on the bot developers, account sellers, and illegitimate customers attacking this organization is as follows:
Discovered bots for this site accessible for $70/m, which is lower than the average bot for sale signaling a low barrier to attack.
Finding these bots was relatively easy signaling high potential of attacks increasing.
Customer accounts were selling for $1.80 with a minimum rewards balance of $10. The most commonly purchased account had a balance of $20. The most expensive accounts for sale held over $1,000+ in rewards.
Account sales were high and stock was low signaling fast sellouts and high demand by illegitimate customers, and low security barrier to fraudulently purchase the retailers products.
Identified a method illegitimate customers were using to bypass 2FA security while signing into purchased accounts.
Fractal Security analysts organized this information into actionable insights with threat levels so the organization could choose to focus on the intel to deter and mitigate damage, or focus on preventing future attacks.
Over the next 3 months the site started to gain traction and became on the top targets of bad actors due to the organizations lack of awareness, slow incident responce time, and insufficent site defense. In this timeframe we saw attacks increase, demand grow, and bots become more sophisticated.
Identified new bot built specifically for this site that used exploits to bypassed proxy protection and captcha solvers and were able to verify over 20,000 credentials a minute. This is one of the highest rates of attack we’ve ever witnessed on a site.
The cost of this specific bot was more expensive costing $1500/m but it was able to successfully verify over 80,000 accounts signalling a significant rate of return for botters attacking this site.
Average cost of accounts decreased signaling a massive influx of breached accounts
Sales remained consistent over the last 90 days with a spike in the last week
Total vendors selling customer accounts for this site increased from 5 to over 200
Damage
The biggest attack on this company’s customers happened this week. 150,000 new accounts were breached and added to bad actor marketplaces accounting for any estimated $3,000,000 in reward based cash at risk.
Since our original alert 3 months ago over 615,000 accounts have been breached, accounting for an potential estimated minimum of $11m dollars in reward based cash at risk. The damage based on the accounts and exposed rewards has increased 4,400% over the last 90 days. This number of found accounts is only based on accounts that have a reward balance, not the total number of accounts at risk.
The damage doesn’t stop their. Account takeover impacts your customers, the lifeblood or your company.. Your companies brand equity, reputation, trust, and marketshare can all be affected. We were alerted by mutiple recently posted reviews from frustrated customers who had their accounts breached and reward balances fraudulently spent.
We also noticed a reviewer frustrated with the effort required to contact customer service to resolve her missing balance and receive a reimbursement from this incident was so high that she would no longer purchase from the store again. A loss of a loyal high paying customer.
Additional costs such as fines for improper protection regulations. The cost on your marketing and PR team if an incident of this scale is published. The cost on customer service team to handle an influx of frustrated customers.. An increase in server costs due to the spikes in traffic from credential stuffing. Alone these could be insignificant, but together they pose a serious cost to organizations that if aware of and taken seriously can be drastically reduced and mitigated.
How we solved it
With the help of Fractal Threat Recon’s service this organization would have been able to notice this initial attack and quickly respond to deter or prevent further attacks preventing the continuation of damage. It would have also given this organization a means to stay proactive and monitor for any new threats, vulnerabilities, and/or exploits the bad actors would have potentially discovered and attempted to exploit.
Conclusion
The threats are there, the damage is real.
The damage inflicted by bots and illegitimate customers is tangible and can be seen through the direct losses of inventory, reimbursed rewards, customers, reputation, and marketshare.
Most of the site fixes to deter bad actors and illegitimate customers are relatively easy to patch, the biggest gap is the awareness and visibility of the issues. An exposed endpoint, or a improper installation of a security measure is all that’s needed to open the door to attackers and fraud.
Current dedicated bot defenses make botting more expensive, however it doesn’t prevent it. The need for the new generation of anti-bot solutions is at an all-time-high as organizatons only option to deter bad actors is to pay for multiple bot defense vendors to increase the cost and rate of attack.
Fractal Security provides the a next generation bot defense coupled with threat intelligence to keep your organization ahead of sophiscated bad actors
Last updated