How Shape deflected even the most sophisticated bots, reliably stopping these website attacks.
A major international airline has 30 websites, offered in 11 languages, to provide flight information and host frequent flyer accounts. Cybercriminals and fare aggregators have compromised customer accounts and misappropriated airline information using automated attacks.
In 2014, cybercriminals compromised a large number of frequent flyer accounts using an automated credential stuffing attack. The subsequent theft of frequent flyer miles attracted international press attention, drew negative social media commentary, and created customer dissatisfaction.
Aggregators used scraping bots to discover and publicize non-compliant ticketing options. These unauthorized bookings disrupted the airline’s ability to manage revenue and reduced the airline’s operational flexibility.
These attacks were economically motivated. Travel aggregators monetized airline information by charging commissions or selling advertisements. Cybercriminals resold stolen award tickets or frequent flyer miles on Darknet markets.
- Deflected all automated traffic and kept it from reaching the airline’s website
- Credential stuffing attacks were completely mitigated
- Automated fare scraping can be blocked at any time
DOWNLOAD FULL CASE STUDY (3.6MB PDF)