Case Study / Financial Services
Stopped a coordinated credential-stuffing campaign across 18 customer portals.
Tier-1 European Investment Bank
What we were called in to solve.
Following a competitor’s breach, our client — a Tier-1 European investment bank — was targeted by a coordinated credential-stuffing campaign across 18 customer-facing WordPress portals. Existing controls were generating noise but no decisive action.
How OwlEye executed.
- 01Deployed OwlEye edge WAF with bank-specific rate-limiting in 4 hours.
- 02Forced rotation of 240k customer session tokens behind a transparent re-authentication flow.
- 03Stood up a dedicated incident channel with our Tier-3 analysts for the duration of the campaign.
- 04Implemented behavioral fingerprinting to distinguish humans from headless browsers.
Quantified, audited, repeatable.
2.4M malicious requests blocked over a 72-hour window. Zero customer accounts compromised. The bank’s CISO presented OwlEye’s after-action report to the board as the new standard for vendor-managed perimeter defense.