Kasada Q1 2025 Quarterly Threat Report
What: Account takeover attacks targeting retailers reached record levels in Q1 2025, with cybercriminals increasingly exploiting CAPTCHA vulnerabilities and third-party security gaps.
Why it is important: The findings reveal critical vulnerabilities in retail security systems, particularly as 86% of retailers use third-party tools while only 13% fully understand their data collection practices.
Kasada's Q1 2025 Quarterly Threat Report reveals an unprecedented surge in account takeover (ATO) attacks targeting the retail sector. The analysis shows that retail accounts constitute a significant portion of all account sales tracked by KasadaIQ, with available stock peaking at nearly 2.5 million accounts in early January. The report identifies sophisticated attack methods, including the abuse of CAPTCHA solver services and automated validation tools, which criminals leverage to bypass security measures. Of particular concern is the exploitation of third-party integrations, where adversaries target vulnerabilities in external providers' systems. The impact extends beyond immediate financial losses, affecting customer trust and operational stability. The report emphasises how criminal groups are diversifying their operations, targeting everything from loyalty programmes to stored payment information, while demonstrating increasingly sophisticated evasion techniques.
IADS Notes: The severity of these threats is evidenced by recent industry developments. In April 2025, M&S suffered a devastating attack by the Scattered Spider group, losing £700 million in market value and £3.5 million in daily digital sales. May 2025 saw both Harrods and Co-op face similar attacks, with Co-op's breach exposing data of up to 20 million customers. March 2025's unprecedented £5.4 billion industry loss from a single security update failure further demonstrates the vulnerability of retail systems. These incidents have prompted a fundamental shift in industry approach, with retailers now prioritising rapid recovery capabilities over complete risk avoidance, as cyber insurance premiums rise by 10% across the sector.