Credential Stuffing Attack Prevention Saves $1.6M

January 13, 2023 | by Muzaffer Pasha

In another example of pandemic-influenced activity, the largest Canadian pizza chain was targeted by a credential stuffing attack that was successfully mitigated, resulting in $1.6M in savings.

Most people would not imagine pizza as a cybercrime target, but Canada’s largest retail pizza chain had been experiencing just that: a set of ongoing cyberattacks and retail API security challenges that disrupted its business. The chain had just moved a key application to the cloud, and cybercriminals were now targeting it. This API application was mission-critical because it processed all customer orders regardless of the ordering method: a mobile app, a call to a 1-800 number, or a brick-and-mortar store.

Existing Security Solutions Couldn’t Rise to Meet the Challenge

When the pandemic hit, they saw a dramatic uptick in web and mobile traffic, which they attributed to work-from-home orders, but in fact the majority of the traffic was malicious API traffic. Cybercriminals had discovered a new target and were executing automated credential stuffing attacks that not only attempted to gain access to user accounts but also degraded web and app performance, disrupting the experience of their users.

This is what the security team was looking for in a new API protection vendor:

  • Collaborative partnership: They wanted to partner with an API protection vendor and work collaboratively to proactively discover and defend against new attacks.
  • Machine learning: A solution that used machine learning to automatically discover attacks without needing an analyst to piece together an impending attack.
  • Move from reactive to proactive: Avoid being constantly reactive and move to a more proactive mode, where the security team could stay ahead of their attackers.

Cequence Retail API Security Enters the Picture

Cequence Unified API Protection (UAP) was introduced to the pizza chain’s security team and tipped the balance of power between the cybercriminals and the company. After implementing the Cequence UAP solution, this pizza chain was able to do the following:

  • Fraud Prevention: Blocking credential stuffing attacks ensured that account compromise and fraudulent purchases were prevented with a near-zero false-positive rate.
  • Moved to proactive security: Where in the past the security team was constantly responding to attacks as they happened, they could now move to a more proactive mode where they had time to investigate further.
  • Positive user experience: In the past, customers could encounter performance issues due to the high level of malicious traffic that attempted to access the web and mobile application. Now with Cequence, customers have uninterrupted access to get their favorite pizza.

Cequence Unified API Protection Dashboard

Pizza Worth $1.6 Million?

Working together, the pizza chain and Cequence put policies in place that have successfully blocked over 5,800 Account Takeover (ATO) attacks, resulting in over $1.6 million in savings in potential account losses. Going forward, the pizza chain has ongoing API protection that can automatically mitigate future attacks targeting its mission-critical application, allowing the company to continue selling pizza to hungry Canadians uninterrupted.

Author

Muzaffer Pasha

Senior Product Marketing Manager