We hear about account abuse and credential stuffing all the time. Let’s dive into some code and see why this is so simple, and what is the problem you need to address as an engineer. In this talk, we will explain why this is so common by exploring examples from our datasets and going through the entire process, targeting a demo mobile application. Starting from reversing the APK up to running the automated fraud. We will also cover some approaches to protect both the business and the consumer from such attacks