Account Takeover
ATO, or Account Takeover, is the act of compromising a victim’s account in order to impersonate them to a web application and steal or modify their data. Several flaws can lead to ATO, such as poor authentication and authorization implementation and poor password/secret management practices. ATO is a dangerous attack with wider implications. It is one of the common attacks faced by online applications, and preventing it should be a top priority for development and security teams.