It’s a number that has been all of the headlines recently, with Yahoo disclosing a breach of more than one billion user accounts in August 2013. It’s hard to fathom a breach that large, but as we noted back in August of 2015, we are entering an era of billions of users and trillions of online accounts.
The scale is massive. We’re nearing 3.7 billion Internet users and more than 2 million apps. On every one of these apps and online services, a user has an account, with each individual person’s online existence branching off exponentially. Given how connected an account is now, from the ability to like or pin, to make a purchase, the payoff for fraudsters looking to find them, fake them, or steal them, is huge.
But we’re fighting back.
Today we announced that Datavisor protects more than one billion user accounts.
This milestone was reached in just shy of two years and speaks not only to the tireless effort of our team and company momentum, but also to just how massive the user account ecosystem is and how hard people are working to protect it.
By analyzing more than 500 billion events, from account openings to in-app purchases to money transfers and other activity conducted by each of those user branches I mention above, we’ve detected more than 50 million malicious accounts.
It’s massive armies of opening fake accounts, account takeovers, fraudulent transactions, fake reviews, and so on. It’s fraudsters who are mimicking real users by opening new accounts and mirroring “normal activity” for days, weeks and even months, to avoid detection. It’s enterprise-level security leaks such as the Yahoo breach that lead to account takeovers, causing major headaches for companies trying to protect their real users from fraudsters who now have the keys to their accounts. The downstream damages of these attacks can paralyze a company both financially and reputationally, and severely impact the experiences of its users.
Fraudsters are evolving constantly. For every defense put into place, a new attack technique is developed to bypass it. From mobile device flashing, to install farms, to utilizing cloud services to appear anywhere in the world, the detection challenge is growing. And that’s just the beginning.
To catch fraudsters, we have to stay ahead of them.This is a challenge a number of companies and researchers are trying to solve. With big data technology widely available, all of us are well beyond the traditional paradigm of just leveraging basic signals such as device fingerprints or blacklists. We are equipped with advanced machine learning and AI technologies to explore a wealth of data to dig out unknown, new patterns as they happen. For example, at Datavisor, we use unsupervised machine learning techniques to try and catch attackers earlier, even before they act. We uncover fraud rings and sleeper cells that looked normal because we don’t rely on static rules or labels to discover what is bad. This is a huge advancement in the evolution of fraud detection, but we are not going to stop there.
In this billion user era, the only thing higher than the account numbers are the stakes. Don’t fight it alone.