Nearly every online account you own is under siege. That’s not hyperbole. A staggering 83% of organizations experienced at least one account takeover incident in the past year. The numbers are alarming: 29% of US adults have been victims, totaling about 77 million people. And it’s getting worse—24% of consumers were victims in 2024, up from 18% the previous year.
The financial damage is jaw-dropping. Account takeover fraud resulted in nearly $13 billion in losses in 2023, with projections reaching $17 billion this year. By 2028, merchants are expected to lose a mind-numbing $91 billion. Not exactly pocket change.
Account takeover fraud is burning through billions, reaching a projected $91 billion by 2028. Definitely not small change.
How are criminals pulling this off? The usual suspects: credential stuffing, malware, SIM swapping. And people’s terrible password habits aren’t helping. About 70% of users exposed in multiple breaches last year reused passwords. Seriously? It’s 2025, folks. The bad guys are also getting fancier, using malicious bots, infostealer malware, and AI. Some are even deploying deepfakes. Great.
Certain industries make juicier targets. Bank accounts saw a 10% rise in takeover activity from 2021 to 2023—higher than email or eCommerce. Businesses are increasingly turning to dark web monitoring to identify compromised credentials before attackers can use them. Financial and retail sectors? They’re getting hammered the hardest. Social media platforms have become particularly vulnerable with 51% of incidents targeting these accounts in the past year.
Detection isn’t going well either. Only 43% of victims were notified by companies that their information was compromised. And 95% of fraud alerts are false positives. The systems are drowning in noise.
The ripple effects are real. Four out of five consumers will stop shopping on a site where they were victimized. Businesses face surging payment fraud, chargebacks, and higher customer acquisition costs.
Security leaders know the score—more than 75% rank account takeovers among the top four cyber threats globally. Meanwhile, over 1,000 large companies were targeted since January 2024, with nearly 2.5 million accounts breached and available for sale in early 2025. The digital wild west is getting wilder.
