Denial of Inventory

Attackers limit the availability of competitive goods or services to cheat customers

Automation lets attackers take ecommerce items out of circulation by constantly ‘reserving’ them in online carts. Subsequently, attackers never checkout and continue to accumulate items in their cart for the purpose of making them unavailable for purchase by others. Denial of Inventory can be discerned from Ticket Scalping in that the goods, or services, are never actually purchased by the attacker.

Denial of Inventory is also known as Blocking Transactions, Hoarding, Hold-All Attack, Inventory Depletion, Inventory Exhaustion, and Stock Blocking.

Attackers reserve items in their online shopping carts at a volume and velocity that would otherwise be unachievable by legitimate sources.

Denial of Inventory is used to conceal cheap airfares, hotel rooms, and restaurant reservations

Attackers exploit major airlines and trick unsuspecting travelers into booking more expensive airfares. Firing thousands of automated requests per second, attackers repeatedly reserve the most affordable seats on popular flights. This temporarily exhausts the allocated airfare inventory and gives the impression it is out of stock, which forces legitimate customers to purchase their ticket at a premium from a competing merchant.

Attackers also exhaust availability in other types of web applications, including restaurant reservations, hotel bookings, availability slots, budget apportionments, product rations, service allocations, and queue positions.


