Account Takeover

Account takeover is a lucrative business for cybercriminals, as accounts can contain valuable information and or be used to launch spam or abuse campaigns. As data breaches proliferate, stolen credentials are becoming easier and cheaper to purchase on the dark web. DataVisor’s Unsupervised Machine Learning Engine analyzes all accounts and events simultaneously, allowing it to detect the hidden connections between hijacked accounts, even when each account is not suspicious in isolation. This allows it to detect the accounts without training data or labels, even as attackers use sophisticated and evolving tactics to evade detection.

Request Trial

How Attackers Take Over Accounts Without Being Detected

Massive Bot Armies

Fraudsters use armies of bots to test millions of stolen credentials or access accounts with commonly-used passwords.

IP Obfuscation

Fraudsters utilize proxies, VPNs, or cloud-hosting services to evade IP blacklists and appear as multiple legitimate users.

Device Obfuscation

Fraudsters utilize mobile device flashing, virtual machines and scripts to appear as though the login events are coming from different devices.

Why Unsupervised Machine Learning for ATO Detection

Modern account-takeover attacks are coordinated and distributed, using stolen credentials and detection-evasion tactics. Because traditional fraud solutions only analyze each account in isolation, they are often unable to effectively detect these attacks. DataVisor’s Unsupervised Machine Learning Engine analyzes all user accounts and events at the same time, uncovering the hidden connections between them. This allows it to detect stolen accounts without training data or labels, even if there is nothing suspicious about the account in isolation.

Stop Evolving Threats

Uncover new, sophisticated attack campaigns without any training data or labels.

Early Detection

Detect account takeover at login before any downstream damage is done.

Accuracy and Coverage

Catch entire rings of hijacked accounts without impacting good users.

Learn More About How DataVisor Stops Account Takeover


DataVisor Uses UML to detect 50% more Account Takeovers at a major online payment platform.

Read Case Study


Momo uses DataVisor’s Detection Solution to detect mass account registration and account takeovers.

Read Case Study


Gain unprecedented insight into the behaviors and techniques fraudsters use to evade detection.

Download Report

The DataVisor Detection Solution

Unsupervised Machine Learning Engine

Predict new, unknown threats without labels or training data by analyzing hundreds of millions of accounts and events simultaneously using the industry’s most advanced unsupervised learning technology.

Supervised Machine Learning Engine

Use industry leading supervised machine learning algorithms to augment the unsupervised machine learning detection with client-provided labels.

Automated Rules Engine

Generate and deprecate rules automatically, lowering maintenance costs and improving results explainability.

DataVisor Global Intelligence Network

Aggregate and analyze the industry’s broadest array of digital fingerprints and signals from billions of users across a variety of industries.

Account linkage view to discover hidden links among malicious accounts

Learn More

What’s Happening With Account Take Over Attacks


Infographic: The Online Fraudster’s Tool Shed

DataVisor releases a new infographic highlighting the tools fraudsters use to build their armies of attackers. From their email addresses to their use of cloud services, we know what they are doing when they are DIY-ing an attack.

Read Blog


Account Takeover Fraud: The Anatomy of an ATO Attack

Account takeover fraud fuels the underground fraud-as-a-service economy with compromised accounts, which are sold or exchanged for a variety of downstream attacks. Since these accounts are created by real users (unlike mass-registered fake accounts), they often contain valuable information such as financial data, and their activities are less likely to raise the suspicion of security solutions. Learn about the techniques attackers use to take over accounts en masse.

Read Blog


Guest Post: Lock It Down and Smarten Up – Best Practices for Online Security

The harsh reality of today’s e-commerce cesspool is that there truly is no silver bullet. Neither Batman nor Elliot Alderson can save us from the brute-force hackers, the Trojan Horse malware, or the Nigerian princes asking for fund transfers. Instead it’s up to us to lock it down and educate others on the intricacies of online security and protection.

Read Blog

Read DataVisor’s Latest Posts

Go To The Blog

Getting Started

Want to get started and find out how DataVisor can help find malicious accounts hiding inside your online service? Request a security assessment today!

Request Trial