ACCOUNT
TAKEOVER
OBSERVATORY

by @magoo

---

REPORT : 2020 Q1

This report offers insight into large account takeovers trends that happened over the first quarter of 2020.

Netflix, Spotify, StockX, Hulu, and Houseparty stood out.

---

NOTES

Netflix : Very large attack shortly after pandemic declared on 2020-03-11s.

Spotify : "Playlist" fraud. ATO'd accounts either sold for normal usage, or, playlist fraud used to make money.

StockX : Fraudulent purchases starting off the quarter.

Hulu (1 & 2)

Houseparty appears at the end of the quarter. Press (1,2,3). Possibly a false positive, but under strange conditions. Aggressive single-day runups like this are usually FP, but the tweets suggest real malicious account activity. However, the company suggests it is a misinformation operation.

---

DATA

The following data has no analysis and includes frequently seen companies that regularly fight ATO.

This is a total summary of all tweets meeting my criteria.

This is a breakdown of totals per @mention which helps find outliers.

---

REVIEWED

The following were reviewed for unusual activity.

• askplaystation: 1038
• instagram: 807
• netflix: 699
• facebook: 620
• snapchatsupport: 565
• spotifycares: 521
• roblox: 489
• netflixuk: 423
• teamyoutube: 395
• netflixhelps: 388
• jagexsupport: 386
• spotify: 371
• twittersupport: 284
• eahelp: 251
• playstation: 224
• dominos: 219
• steam: 181
• askps_uk: 174
• twitchsupport: 171
• rockstarsupport: 160
• stockx: 156
• mojangsupport: 153
• snapchat: 144
• whatsapp: 138
• uber_support: 133
• twitter: 130
• youtube: 126
• steam_support: 120
• google: 117
• hulu: 114
• uber: 114
• hulu_support: 105
• amazon: 90
• pubgmobile: 90
• amazonhelp: 88
• discordapp: 83
• easportsfifa: 81
• riotsupport: 76
• facebookapp: 73
• gmail: 70
• fortnitegame: 69
• netflixindia: 68
• epicgames: 67
• jagexweath: 65
• blizzardcs: 64
• blizzard_ent: 63
• jagexash: 61
• depop: 59
• starbucks: 59
• rbx_coeptus: 58
• playadoptme: 56
• spotifyuk: 51
• revolutapp: 51
• ea: 47
• ytcreators: 46
• askdepop: 45
• linkedin: 45
• paypal: 45
• wishshopping: 45
• askpaypal: 43
• cashapp: 43
• linkedinhelp: 42
• spotifyusa: 42
• twitch: 39
• amazonuk: 38
• caviar: 38
• disneyplus: 37
• etsy: 35
• amazonin: 32
• oldschoolrs: 31
• xboxsupport: 30
• applesupport: 30
• askebay: 29
• niantichelp: 29
• youtubeindia: 29
• rockstargames: 28
• atviassist: 28
• pubg_support: 27
• officialefcc: 27
• fb_engineering: 26
• microsofthelps: 26
• microsoft: 24
• crunchyroll: 23
• wishsupport: 23
• pokediger1: 23
• okcupid: 22
• ubisoftsupport: 21
• insideroblox: 21
• outlook: 21
• houseparty: 21
• airbnbhelp: 20
• chickfila: 20
• easports: 20
• deliveroohelp: 19
• plentyoffish: 19
• twittersafety: 19
• netflix_ca: 19
• netflixanz: 19
• chase: 19
• blizzardcseu_en: 18
• doordash: 17
• apple: 17
• bwwings: 17
• finkd: 17
• deliveroo: 17
• paytmcare: 17
• bstategames: 17
• nightbarbie: 17
• etsyhelp: 16
• mcdonalds: 16
• gtbank: 16
• pubgmobile_in: 16
• pizzahut: 16
• playapex: 16
• ubereats: 16
• cashsupport: 15
• grubhub: 15
• 2ksupport: 14
• sonysupportusa: 14
• jagex: 14
• dominoscanada: 14
• telegram: 14
• paytm: 14
• goatapp: 14
• airbnb: 13
• nintendoamerica: 13
• riotgames: 13
• supportrequests: 13
• konekokittenyt: 13
• adsense: 13
• jeffbezos: 13
• delta: 13
• origininsider: 13
• pubg: 13
• runescape: 13
• yahoocare: 13
• virginmedia: 13
• sonicdrivein: 13
• nikilisrbx: 12
• chipotletweets: 12
• newfissy: 12
• growtopiagame: 12
• postmates: 12
• googleindia: 12
• yahoo: 12
• cyberdost: 11
• aeroplan: 11
• hypixelnetwork: 11
• ticketmaster: 11
• bungiehelp: 11
• playstationuk: 11
• jeruhmi: 11
• offerupsupport: 11
• firstbankngr: 11
• luke5sos: 11
• netflixsa: 11
• twitterindia: 11
• fitbitsupport: 11
• evanspiegel: 10
• xbox: 10
• sony: 10
• ubisoft: 10
• jack: 10
• sundarpichai: 10
• askrockstars: 10
• bethesdasupport: 10
• hotstartweets: 10
• venmo: 10
• flipkart: 10