Everyone has a cybersecurity story that involves a family member. Here is a relatively common one. The conversation usually goes something like this:
“The strangest thing happened with my account. I got locked out, so I had to change my password. When I logged back in, all my shows were gone. Everything was in Spanish, with all these Spanish shows I had never seen. Isn’t that strange?”
This is an example of an account takeover attack on a customer account. What usually happens is that the streaming account is compromised, most likely through a weak or reused password, and the access is then resold on a typical underground marketplace, often advertised as something like a “lifetime [service] account – $4”.
In the grand scheme of things, this is a relatively minor inconvenience for most customers. You reset your credentials with a much stronger password, call your bank to issue a new credit card, and go back to binge-watching The Crown.
But what happens when incidents like this occur thousands of times a day on the most popular web applications in the world?
The hidden scale of account takeover (ATO)
Flare’s recent report, The Account and Session Takeover Economy, reveals how widespread and expensive this problem is. Industries such as e-commerce, gaming, SaaS and streaming are hit especially hard, each seeing more than 100,000 newly compromised accounts per month.
The report shows that the average takeover rate is 1.4% across platforms with 5 to 300 million users. Particularly concerning is the growth of session hijacking techniques, which allow attackers to bypass multifactor authentication (MFA) by stealing session cookies, often with infostealer malware.
Returning to the streaming example, the attacker likely did not even need to enter a password. With an active session token in hand, they simply loaded it into a browser using an anti-detect tool and gained full access, with no login alerts and no MFA prompts.
A major entertainment or e-commerce platform with millions of users (Netflix, Epic Games or Wayfair, for example) can conservatively expect thousands of customer accounts to be exposed to takeover at any given time.
Figure: Average new account takeovers per month, from Flare’s Account and Session Takeover report
What is the real cost of ATO?
The economic impact of ATOs is difficult to estimate fully, but the Flare report breaks it into three main categories: labor, fraud and lost customers.
Let’s revisit the streaming example from earlier. Some users will fix the problem without complaint and move on to the next season of Stranger Things. Others, however, may leave out of frustration, especially if they already had to reset passwords, deal with credit card problems, or simply feel that their trust was violated. A 2023 report from the fraud-prevention company Sift found that 73% of users believe the brand, not the user, is responsible for preventing ATOs.
In this article we use streaming services as the example because of their cultural significance in entertainment, but we make no claims about any particular company’s security posture, breach history or business practices.
To understand the potential business impact, consider a fictitious entertainment streaming service. If it has 100 million paying customers at $120 a year …
- If 0.5% of accounts are taken over (roughly a third of the average exposure rate), that is 500,000 affected users.
- If even 20% of those users leave, the company can lose $12 million in annual revenue.
- In the worst case, where 73% leave, losses grow to $44 million.
This is all very rough “back of the napkin” math, but it gives a starting point for quantifying the financial risk associated with ATOs.
Remember, this is just one category of risk. Fraud-related losses are an entirely separate discussion! Now extrapolate this problem across hundreds of web applications serving millions of daily users.
Figure: The cost of ATOs and fraud, from the report
Recommendations for preventing ATO
1. Track the infostealer ecosystem
While ransomware dominates the headlines, infostealer malware drives most account-based attacks. Flare data shows a 26% year-over-year increase in exposures involving stolen credentials and session cookies.
According to the Verizon 2025 Data Breach Investigations Report (DBIR)
2. Identify and remediate exposed accounts
Organizations can dramatically reduce ATO risk by combining real-time threat intelligence with their identity and access management systems. This makes it possible to identify and remediate accounts that have been compromised, especially those with live sessions that let attackers bypass authentication entirely.
Proactive monitoring and automated remediation can stop account abuse before it affects the customer experience or bottom-line metrics.
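As an added illustration of this recommendation (and of the session-hijacking problem described earlier), the following Python snippet is not Flare’s code or the report’s method. It assumes a hypothetical exposure feed of SHA-256 fingerprints of leaked session cookies and a hypothetical table of active sessions, both constructed inline; it revokes sessions that appear in the feed and flags cookies replayed from a different network or browser than the one they were issued to.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user: str
    token: str        # session cookie value issued at login
    issued_ip: str    # client address at the time the cookie was issued
    issued_ua: str    # browser user agent at the time the cookie was issued


def token_fingerprint(token: str) -> str:
    # Store and compare SHA-256 fingerprints so raw cookies never sit in the intel feed
    return hashlib.sha256(token.encode()).hexdigest()


# Constructed sample data (hypothetical, not from the report): three live sessions
ACTIVE_SESSIONS = [
    Session("alice", "sess-A1", "203.0.113.10", "Firefox/125"),
    Session("bob", "sess-B2", "198.51.100.7", "Chrome/124"),
    Session("carol", "sess-C3", "192.0.2.44", "Safari/17"),
]

# Constructed exposure feed: fingerprints of cookies observed in stealer logs
EXPOSED_TOKEN_HASHES = {token_fingerprint("sess-B2"), token_fingerprint("sess-ZZ")}

# Constructed inbound requests: (cookie presented, client ip, client user agent)
SAMPLE_REQUESTS = [
    ("sess-A1", "203.0.113.10", "Firefox/125"),  # same device as issuance: normal
    ("sess-C3", "45.0.0.1", "Chrome/124"),        # cookie replayed elsewhere: suspicious
    ("sess-B2", "198.51.100.7", "Chrome/124"),    # cookie known leaked: revoke regardless
    ("sess-QQ", "10.0.0.9", "Chrome/124"),        # unknown cookie: ordinary 401 path
]


def find_exposed_sessions(sessions, exposed_hashes):
    """Live sessions whose cookie fingerprint appears in the exposure feed."""
    return [s for s in sessions if token_fingerprint(s.token) in exposed_hashes]


def is_replayed(session: Session, req_ip: str, req_ua: str) -> bool:
    """A hijacked cookie is usually replayed from a different network or browser."""
    return req_ip != session.issued_ip or req_ua != session.issued_ua


def remediate(sessions, exposed_hashes, requests):
    """Map each affected user to the remediation action the platform should take."""
    by_token = {s.token: s for s in sessions}
    actions = {}
    for s in find_exposed_sessions(sessions, exposed_hashes):
        actions[s.user] = "revoke_all_sessions+force_password_reset"
    for token, ip, ua in requests:
        s = by_token.get(token)
        if s is not None and s.user not in actions and is_replayed(s, ip, ua):
            actions[s.user] = "step_up_auth+notify_user"  # re-authenticate before honouring
    return actions
```

In a real deployment the session binding check would use a coarser signal than exact IP equality (mobile users roam), and the notification step is what section 3 below is about.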
3
Introducing friction, such as a forced password reset, may feel risky for the customer experience. But most users expect companies not only to protect their data but also to tell them when something goes wrong.
Also from the Sift report: only 43% of ATO victims reported that their account had been compromised. Customers who experience this kind of fraud but are never notified may conclude that the company is unaware of account takeovers and is doing nothing to help them.
By clearly communicating the purpose of these measures, organizations can reframe proactive security as a value-added feature. Transparency around ATO risks helps customers feel safer, and more loyal, over time.
About the author: Nick Ascoli is Director of Product Strategy at Flare and an experienced threat researcher recognized for his expertise in data leakage, reconnaissance and detection engineering. Nick is an active member of the cybersecurity community, contributing to open source projects, appearing regularly on podcasts (CyberWire, Simply Cyber, etc.) and speaking at conferences (GrrCON, B-Sides, DEF CON villages, SANS, etc.).