Denial of Inventory
Denial of Inventory attacks deplete goods or services stock without ever completing the purchase or committing to the transaction. A bad actor uses human or machine-based automation to load a shopping cart, placing the inventory in a holding pattern, effectively denying access by other buyers.
Image 1: Denial of Inventory prevents others from executing a purchase
When orchestrated through large scale bots, it leads to a condition where the online merchant has ALL of their inventory in the “hold” state, effectively blocking legitimate customers from being able to shop for these inventory items. Denial of Inventory attacks commonly target high value retail items (e.g., sneakers, mobile devices, airline tickets) as well as restaurant reservations, delivery time-slots, and parking spots. The goal of a denial of inventory attack can vary from profit to competitive to disruptive where the attack is used as a denial of service attack.