Stolen logins, lost trust: The hidden supply chain behind account takeovers in retail & hospitality

Cybersecurity | May 2025 | RH-ISAC

What: Account takeover attacks have evolved into a sophisticated cybercrime supply chain targeting retail loyalty programmes and e-commerce platforms, with criminals selling stolen credentials and session cookies for £5-20.


Why it is important: The emergence of this organized criminal marketplace directly threatens the digital transformation efforts of retailers, with recent incidents showing how stolen credentials can lead to millions in losses through loyalty point theft, fraudulent transactions, and damaged customer trust.


The cybercrime ecosystem has evolved into a sophisticated supply chain that systematically targets retail and hospitality businesses through account takeover (ATO) attacks. With an alarming 28% annual growth in exposed credentials, this underground economy operates through a well-structured network of initial access brokers, who sell stolen information and active session cookies for as little as £5. The threat is particularly acute for retail loyalty programmes, which often lack robust multi-factor authentication while containing valuable, cash-equivalent points. E-commerce platforms face similar vulnerabilities, as stored payment methods and customer preferences become lucrative targets for fraudsters. The impact extends beyond immediate financial losses, affecting customer trust and operational stability. Particularly concerning is the criminals' ability to bypass traditional security measures through session hijacking, where stolen cookies enable unauthorized access without triggering standard security alerts. To combat these threats, retailers must implement a layered defence strategy, including shorter cookie durations, proactive session monitoring, and adaptive authentication measures for high-risk accounts.
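The layered defence the summary describes (short cookie lifetimes, session monitoring that notices a cookie being replayed from another client, and step-up authentication for high-risk actions on valuable accounts) can be illustrated in a few lines of detection logic. The example below is added here and is not code from the RH-ISAC article; the log events, the session and user names, the 4-hour maximum cookie age, the point-balance cut-off and the risk weights are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Actions that move value out of an account and therefore deserve step-up
# authentication when other risk signals are present (illustrative list).
HIGH_VALUE_ACTIONS = {"redeem_points", "change_email", "add_payment_method"}

# Constructed sample web-tier events: one request per record, each carrying the
# session cookie id, the client that presented it and when the cookie was issued.
SAMPLE_EVENTS = [
    {"ts": "2025-05-01T10:00:00Z", "session": "s-1", "user": "alice",
     "ip": "203.0.113.10", "ua": "Mobile/17", "issued": "2025-05-01T09:58:00Z",
     "action": "view_points"},
    # Same cookie, five minutes later, from a different network and browser.
    {"ts": "2025-05-01T10:05:00Z", "session": "s-1", "user": "alice",
     "ip": "198.51.100.7", "ua": "Desktop/120", "issued": "2025-05-01T09:58:00Z",
     "action": "redeem_points"},
    # Cookie issued more than a day earlier and still being presented.
    {"ts": "2025-05-02T10:00:00Z", "session": "s-2", "user": "bob",
     "ip": "203.0.113.20", "ua": "Desktop/120", "issued": "2025-05-01T08:00:00Z",
     "action": "view_orders"},
    {"ts": "2025-05-01T11:00:00Z", "session": "s-3", "user": "carol",
     "ip": "203.0.113.30", "ua": "Mobile/17", "issued": "2025-05-01T10:59:00Z",
     "action": "view_points"},
]

# Constructed loyalty profile used by the adaptive-authentication check.
ALICE_PROFILE = {"known_devices": {"Mobile/17"}, "points_balance": 25_000}


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp such as 2025-05-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_session_anomalies(events, max_age=timedelta(hours=4)):
    """Return alerts for two hijacking indicators: a session cookie presented
    after its maximum age, and a cookie reused from a client (ip, user agent)
    different from the one it was first seen with."""
    alerts = []
    first_client = {}  # session id -> (ip, ua) of the first request seen
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        sid = ev["session"]
        client = (ev["ip"], ev["ua"])
        age = parse_ts(ev["ts"]) - parse_ts(ev["issued"])
        if age > max_age:
            alerts.append({"session": sid, "user": ev["user"],
                           "reason": "session_expired",
                           "age_hours": round(age.total_seconds() / 3600, 1)})
        seen = first_client.setdefault(sid, client)
        if seen != client:
            alerts.append({"session": sid, "user": ev["user"],
                           "reason": "session_reused_from_new_client",
                           "first_client": seen, "new_client": client,
                           "action": ev["action"]})
    return alerts


def risk_score(profile, request):
    """Additive risk score: unknown device, high-value action, large balance."""
    score = 0
    if request["ua"] not in profile["known_devices"]:
        score += 2
    if request["action"] in HIGH_VALUE_ACTIONS:
        score += 3
    if profile["points_balance"] >= 10_000:
        score += 1
    return score


def requires_step_up(profile, request, threshold=4):
    """Adaptive authentication: ask for a second factor when risk is high."""
    return risk_score(profile, request) >= threshold


if __name__ == "__main__":
    for alert in detect_session_anomalies(SAMPLE_EVENTS):
        print(alert)
    print(requires_step_up(ALICE_PROFILE, {"ua": "Desktop/120", "action": "redeem_points"}))
```

Run as a script, the monitor flags the cookie `s-1` being replayed from a new client on a points redemption and the stale cookie `s-2`, while `requires_step_up` returns `True` for the redemption from an unrecognised device. The `max_age` parameter is where "shorter cookie durations" is enforced; lowering it shrinks the window in which a stolen cookie is useful, at the cost of more frequent re-authentication.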


IADS Notes: The article's warnings about account takeover (ATO) threats are starkly validated by recent cyber incidents across the retail sector. In April 2025, Marks & Spencer fell victim to the Scattered Spider hacking group, resulting in a £700 million market value loss and highlighting how sophisticated cybercrime networks can paralyse major retailers. This was followed by attacks on Harrods and Co-op in May 2025, with the latter exposing data of 20 million customers, demonstrating the scale of potential breaches. The financial impact has been severe, with industry data from April 2025 showing ransomware accounting for 30% of retail security incidents and average losses reaching £1.4 million per attack. The ripple effect has transformed the cyber insurance landscape, driving a 10% increase in premiums across the UK retail sector. These incidents underscore the article's emphasis on the cybercrime supply chain, as demonstrated by the December 2024 Blue Yonder ransomware attack that affected over 3,000 retailers worldwide, showing how criminals can exploit interconnected retail systems for maximum impact.

