What is "account takeover" or ATO?


Account takeover, or ATO, occurs when a fraudster gains access to online accounts using a victim's email address and password combination.

Account takeovers usually occur after credentials are exposed in a breach of another online account. Either manually or using applications, the fraudster tests the email and password combination across multiple ecommerce platforms until they successfully gain access to one or more accounts. Victims may receive notice of purchases on a platform they haven't visited in a long time, which alerts them to the issue.

There are several ways to protect your information in general, and prevent account takeover:

  1. Change your password often. If your password has ever been exposed, changing your password to something else will remove a fraudster's ability to use the stolen information to access multiple accounts. You can check if your information has ever been breached by looking at this website.
  2. Never use the same password. Using a different, secure password for each of your online accounts will prevent a fraudster from using information exposed in one account's breach on another site you also use. Password best practices suggest using a minimum of 12 characters with a combination of upper- and lower-case letters, numbers, and symbols.
  3. Remove payment methods. If you're not planning on shopping on Tophatter for a while, you can Manage Payment Methods to prevent unauthorized purchases on Tophatter.

Information below this line only applies to Marketplace product orders. Marketplace products are no longer being sold, effective June 1, 2022.


Tophatter used 128-bit SSL encryption to transmit payment information to our processor Braintree, and never had access to payment information; however, a successful account takeover could have resulted in unauthorized shopping on the platform within an account that had been taken over prior to June 1, 2022. Effective as of that date, no payments can be made through Tophatter. Stored card data is not usable or accessible to anyone.

If you think your account has been compromised and you have unauthorized purchases from Tophatter on your statement prior to June 1, 2022, please Contact Us for assistance, and provide the transaction amount, date, last 4 digits of the card number, and the identifier from your statement, which will say TOPHATT* followed by an order or batch number.