Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Retail account takeover fraud has surged in recent years, with attackers exploiting stored payment details, loyalty points, and digital wallets. This blog analyzes five of the biggest and most impactful retail account takeovers in recent years, evealing how each unfolded, how customers were affected, and how real-time, in-session defenses could have changed the outcome.

We’ve all been there, pushing through a cold, a nagging pain, or a persistent feeling of being "off." We tell ourselves it’s nothing, that we’re too busy to slow down. I did the same thing, ignoring my body’s subtle whispers until they turned into a deafening roar. One moment, I was pushing through a typical day, and the next, I was in a hospital bed, a stark reminder that ignoring warning signs can have serious consequences.

In Uber’s 2022 breach, attackers didn’t crack encryption or exploit some unknown flaw. They flooded an employee with MFA prompts until they became exhausted. One careless tap, and an entire enterprise was open. The lesson isn’t that MFA failed. It’s that MFA itself can become the exploit surface. From AiTM phishing proxies like EvilGinx to automated OTP interception, attackers treat MFA like DevOps treats CI/CD, i.e, scalable, repeatable, and scriptable.

Top tips is a weekly column where we highlight what’s trending in the tech world and share ways to stay ahead. This week, we’re uncovering the truth about app deletion, why removing an app from your phone doesn’t always mean your data is gone, and how to make sure your personal information doesn’t keep following you long after you’ve tapped uninstall. I recently found myself staring at my phone’s home screen. It felt cluttered.