← Back
Cloudflare
Cloudflare launches Account Abuse Protection to block fraudulent logins and fake accounts
Cloudflare · featuresecurityapi · blog.cloudflare.com ↗

New Fraud Prevention Capabilities

Cloudflare has announced Account Abuse Protection, a comprehensive suite of security tools designed to stop account takeover (ATO) and fraudulent activity before they occur. The new capabilities extend beyond traditional bot detection to identify abusive behavior from both automated attacks and human threat actors, addressing the industry's shift toward hybrid attack strategies that combine automation with human fraud farms.

Key Features and Detections

The announcement includes several new detection mechanisms:

  • Disposable Email Check: Identifies and blocks signups using temporary/throwaway email addresses, a common tactic for fake account creation and promotion abuse
  • Email Risk Assessment: Flags emails deemed risky based on patterns and infrastructure characteristics
  • Hashed User IDs: Cryptographically hashed per-domain identifiers that enable better detection of suspicious account activity while preserving end-user privacy

These tools complement existing features like Leaked Credentials Detection (offered free to all customers since 2024) and Account Takeover (ATO) Detection IDs integrated into Bot Management.

Scale of the Threat

Cloudflare's data underscores the urgency:

  • 41% of logins across the network use compromised credentials
  • 60% of login traffic is automated bot activity (observed on Black Friday 2024)
  • ATO detections alone catch an average of 6.9 billion suspicious login attempts daily

The company notes that password reuse across services means breaches from years ago can still unlock high-value accounts today.

Availability and Pricing

Account Abuse Protection is currently in Early Access and available at no additional cost to all Bot Management Enterprise customers for a limited period, with general availability planned as part of Cloudflare Fraud Prevention later in 2026. Developers can sign up for Early Access on the Cloudflare website.

Security Best Practices

Cloudflare recommends enabling leaked credential checks immediately and leveraging the layered defense approach that combines ATO detection with other bot management mechanisms to create comprehensive account security protection.