Account takeover

Account takeover (ATO) is a type of cyberattack where a malicious actor gains unauthorised access to a legitimate user's online account. Once in control, the attacker can impersonate the victim to make fraudulent transactions, steal sensitive data, send spam or phishing emails, or use the compromised account as a springboard for further attacks. This typically occurs when attackers obtain login credentials through methods like phishing, malware, or exploiting weak/reused passwords from data breaches.