A new report from Flare, "The Account and Session Takeover Economy," sheds new light on a highly disturbing rise in Account Takeover (ATO) attacks. If left unaddressed, these incidents put riders and commercial drivers at serious risk. These findings highlight just how costly the impacts of ATOs can be. In extreme scenarios, firms may suffer an annual loss of earnings as high as $44 million. Digital transactions represent the future of commerce, so this is an issue that should be at the forefront of all consumer and corporate minds today.
Flare’s latest report uncovers a particularly tragic trend. Among platforms with 5M-300M users, the median account takeover exposure rate is 1.4%. This statistic serves to remind us that a small share of breached accounts can result in big financial consequences. For example, let’s say you had a platform with 100 million paid subscribers. If only 0.5% of accounts are hijacked, the potential impact is at least 500,000 users.
The Financial Impact of ATOs
The financial impact of account takeovers can be catastrophic for companies. Flare’s new analysis lays out a staggering worst-case scenario. If only 20% of impacted users choose to churn after an ATO, a company can lose over $12 million in revenue. In the worst case, 73% of impacted users would likely opt to abandon the service. This would cause combined losses to skyrocket to $44 million. This growing trend is alarming and highlights the need for organizations to make user security a priority and take steps to protect users before an attack occurs.
There’s more. The report calls out the fact that most users believe companies are mostly or completely responsible for keeping users’ accounts safe. A full 73% of users think it’s the brand, not the user, that is responsible for stopping ATOs. Despite this expectation, just 43% of those impacted by account takeovers were notified by the business involved. This relative silence is very troubling. The void in communication only contributes to user distrust and an increased chance of churn.
“73% of users believe the brand—not the user—is responsible for preventing ATOs” – Sift’s 2023 Q3 Index Report
Vulnerabilities in Digital Security
Weak passwords and reused credentials are major entry points for account takeovers. Flare’s recent report found that compromised accounts are frequently resold as well, feeding into a booming digital black market. For large online entertainment or e-commerce platforms, the risk is multiplied, as they could have thousands of compromised customer accounts at any time. As cyber threats become more sophisticated, organizations need to be one step ahead in their efforts to keep user data safe.
In fact, Sift’s 2023 report confirmed Flare’s conclusions, detailing how ATO incidents impact millions of legitimate users on online platforms. As the threat landscape keeps changing, it is more crucial than ever for companies to take strong security precautions.
“88% of basic web app attacks involve stolen credentials” – Verizon’s 2025 Data Breach Investigations Report (DBIR)
Steps Toward Prevention
To counter the expanding ATO menace, organizations can take a number of proactive measures focused on improving security and user confidence. Resetting credentials, enforcing more robust password policies and leveraging multi-factor authentication can all help reduce the risk of account takeovers. Organizations should also focus on providing timely notice to users when their accounts have likely been compromised, for greater transparency and accountability.
Flare’s Director of Product Strategy, Nick Ascoli, is a strong proponent of taking the ATO challenge head-on. Drawing on his years of experience in threat research and detection engineering, Ascoli makes the case for a shift toward proactive measures. Combined, these measures not only protect user data but also protect brand integrity.