Buying sneakers is an expensive enough business as it is, but automated ‘sneaker bots’ getting in lightning-quick upon the launch of a hot new pair of kicks, and buying up stock – in order to resell for a massive profit later, when the entire inventory is sold out at retailers – is an increasingly aggravating issue for genuine buyers.
Not just purchasers, either, but said retailers are also suffering a great deal under the sheer weight of bots, which can suck up all their bandwidth – maybe even taking the site down – forcing them to take preventative countermeasures, while trying not to harm (or annoy) genuine buyers with those defenses (such as CAPTCHA tools, as an obvious example). Not to mention making the sneaker brands look even more expensive.
Security firm PerimeterX has penned an extensive blog post (opens in new tab) on just how active these sneaker bots remain, and how easily they are used.
- More cyber security predictions for 2020
- Secure VPN providers 2020: safe options for the best security
- We’ve picked out all the best antivirus software
Looking at two new pairs of popular shoes which hit shelves on November 2, and breaking down sales from a number of prominent shoe retailer websites, PerimeterX found that at launch time between 55% to 68% of all traffic was due to sneaker bots.
These were the Adidas soft version of Yeezy 500’s, and Nike Air Jordan 1 Retro High OG ‘Fearless’, so in other words, when these shoes were released and the mad rush to buy them started, over half – spiking up to more than two-thirds – of all purchasers were automated bots.
So people who actually want to buy sneakers to wear them are seemingly in the minority, outmuscled by the folks looking to snatch as many pairs as they can, in order to resell them on third-party marketplaces or auction sites – inevitably at massively inflated prices.
It’s a situation gig goers will be very familiar with: tickets are released, and you click-click-click on the buy button the second they go on sale, only to be informed you’ve lucked out. Then you immediately check the third-party sites to see an absolute ton of tickets which profit-spinners are already trying to flog in their droves.
So what’s to be done? Well, it’s a tricky problem to address in the world of sneakers. While in the US, the Bots Act of 2016 combats the usage of bots with regard to concert tickets, there is no such protection for shoes. There isn’t anything illegal about using bots to buy sneakers.
So there is no legal barrier, and also no skills barrier either, because all-in-one (AIO) bot software does everything for you, including evading detection.
As PerimeterX observes: “The Tesla of sneaker bots is a tool called CyberAIO by Cybersole. Designed with a beautiful User Interface, CyberAIO is also a technically sophisticated product.”
The firm adds: “CyberAIO users simply pick the sneakers they want to buy from a menu of upcoming drops, set a budget, and then sit back. CyberAIO covers over 170 sites, including not only sneaker retailers but also brand sites and streetwear companies like Supreme – another company that uses limited release items to drive awareness and brand perception.”
Further note that CyberAIO has just been released as Android and iOS apps.
The low-risk, high-reward world of sneaker reselling is becoming more and more popular then, and indeed even the apps like CyberAIO are very expensive as a result.
Despite retailers making all manner of resourceful moves in the past to try to defeat the sneaker bots – including tricking one into spending $10,000 (about £7,600) of its user’s money on a placeholder product – going by PerimeterX’s latest analysis, this still remains a big, thorny problem.
The security firm suggests that its bot mitigation service can help, naturally enough – or indeed any specialized bot mitigation solution, and doubtless some retailers may already be investigating this sort of tech.
For now, though, PerimeterX suggests that we can prepare for “winter sneaker drops [which] could cause a botpocalypse for unprepared retailers and brands”.
- Check out our piece on weaknesses in e-commerce security