By Kasada Threat Research Team
Using Bots to Steal Pharmacy Accounts and Resell Prescriptions
For the first time, Kasada threat intelligence observed the use of credential stuffing to attack pharmacies, steal customer accounts, and exploit the distribution of prescribed medications. Accounts stolen by bots provide access to active prescriptions, which are then resold illegally on a secondary marketplace for profit.
This activity is both illegal and dangerous. It puts medications in the hands of people who don’t have a prescription from a doctor and enables substance abuse. It also takes prescribed medications away from the people who need them legitimately.
The Evolution of Bots: From Sneakers to Pharmacies
It’s been well publicized that scalper bots “skip the digital line” and purchase in-demand items such as sneakers, gaming consoles, and NFTs. More recently, people have realized that the same bots can be repurposed to score any item or service wherever demand outpaces supply, such as baby formula, semiconductor chips, and even COVID-19 vaccine appointments.
Malicious bots facilitate billions of dollars in online fraud, in part by automating login processes to test stolen user credentials and perform account takeover (ATO). Stolen accounts obtained from credential stuffing attacks are exploited by making fraudulent transactions and depleting stored value. Using bots to commit ATO has been pervasive for a long time in industries such as Retail, Media & Entertainment, and Financial Services.






