Credential Theft & ATO in 2025

~13 mil

accounts were sold on criminal marketplaces

$151M

in USD revenue made from these account sales

$6 USD

median price per account sold on the marketplaces

Online reselling communities
have had a resurgence

The resale economy significantly transformed, driven by regulatory crackdowns on ticket scalping, market diversification into new product categories and platform like TikTok Shop, and the widespread adoption of AI to automate operations and manipulate consumer behavior.

A new wave of attacks

Traditional defenses can’t keep up. Kasada’s analysts tracked a surge of automation driven by AI, proxy networks, and human ingenuity, revealing just how adaptable today’s adversaries have become.

Account Takeover Goes Underground

Kasada found marketplaces selling accounts tied to gun retailers and background-check services. With sales up 16% in Q3, ATO is shifting from mass theft to targeted, high-value attacks.

“Legal” Botnets Blur the Line

Proxy networks like DSLRoot pay users to share bandwidth, turning homes into attack infrastructure and hiding malicious traffic behind real IPs.

AI Joins the Adversary Arsenal

Attackers now use AI to analyze data and automate phishing and credential theft. It’s rewriting the rules, forcing defenders to rethink how they detect and respond.

“Hype” Items Diversified

Resale items have moved beyond niche collectibles into a wider range of high-demand consumer goods as macroeconomic pressures made secondary markets more attractive.

AI Influenced Purchasing Behavior

AI is being used to generate
fake reviews at scale to influence purchases and drive users to fake or non-existent product sites.

Consumer Backlash Escalated

Ticket scalping continued at scale, however consumer backlash was so strong that regulations were put in place in several countries around the world to stop this tactic.

From our analysts:
2026 predictions

Adversarial AI will become widely deployed—
continuously testing platform defenses, exploiting weaknesses, and sharing evasion intelligence in real time.

Kasada IQ Analyst

Experimentation with fully decentralized architectures
will begin: smart contract escrow, IPFS hosting,
blockchain reputation systems.

Kasada IQ Analyst

About the Data

KasadaIQ provides an inside view into the adversary ecosystem — analyzing millions of automated interactions each quarter across 2,000+ collection points and 23M+ messages from open and closed sources. This intelligence informs our defenses and helps enterprises stay ahead of evolving threats.

Learn more about KasadaIQ

More reports from Kasada

  • Images of Kasada's 2025 Q3 Threat Intelligence Report on a midnight blue background with text

    Q3 2025 Threat Intelligence Report

    New intelligence from Kasada highlights the resurgence of online reselling communities, the persistence of Account Takeover, and how AI and proxy networks are redefining the automated threat landscape.

  • pages of Kasada's Q2 2025 Threat report with a button to download to read the report

    Q2 2025 Threat Report

    Discover Q2 2025’s top bot attack trends — scraping, credential stuffing, and fraud tactics — with insights from Kasada’s threat intel team.

  • Midnight blue background with title text "Q1 2025 Threat Report" with an image of Kasada's new Threat Report.

    Q1 2025 Quarterly Threat Report

    Automated threats are growing smarter, faster, and more difficult to detect. Kasada’s Quarterly Threat Report reveals what to watch for and what to do next – powered by millions of real-time signals analyzed through KasadaIQ.

Stay ahead of bots

Get access to our monthly intel brief with fresh data, attack trends, and analysis.