Fraud Basics

Is account takeover taking over the fraud landscape?

Old password habits die hard, but clinging to your weak password might be the death of your account. The author examines the growing threat of account takeover and considers the effectiveness of the most common security practices.



In May 2024, more than 500 million Ticketmaster customers were victims of a data breach attributed to hacking group ShinyHunters. Live Nation Entertainment, Ticketmaster’s parent company, confirmed the breach in a filing with the U.S. Securities and Exchange Commission (SEC) and reported that it had identified unauthorized activity within a third-party cloud database that contained company data. ShinyHunters says it obtained 1.3 terabytes of Ticketmaster’s sensitive customer data, including credit card numbers and ticket sales. The group reportedly breached Ticketmaster’s cloud data because it had compromised the credentials of an employee of Snowflake, Ticketmaster’s cloud account. With the employee’s credentials, the cyberfraudsters created session tokens and accessed customer data. (See “Ticketmaster’s Encore: How ‘ShinyHunters’ Hacked the Show,” by Rodman Ramezanian, Skyhigh Security, July 11, 2024; “Ticketmaster Confirms Data Breach. Here’s What to Know.”, by Sopan Deb, The New York Times, May 31, 2024; and “U.S. SEC Form 8-K, 001-32601,” May 20, 2024.)

The compromise of a person’s passwords and other credentials is indicative of account takeover (ATO) — the appropriation of someone else’s sensitive financial records and their access credentials. ATOs have been on the rise in recent years, and account holders at websites such as Microsoft, AT&T, Home Chef and Chatbooks have all been victims. ATO fraud increased 81% from 2019 to 2022, according to recent TransUnion data. (See “TransUnion 2023 State of Omnichannel Fraud Report,” TransUnion.) IBM’s Cost of a Data Breach report shows that breaches involving stolen credentials cost organizations an average of $4.81 million per breach. (See “Cost of a Data Breach Report 2024,” IBM.) Given the growing threat posed by ATOs, organizations and customers must do more to protect the passwords that allow access to sensitive information.

