Tomasz Ludwiczak
, Senior Engineering Manager at Allegro

The Challenge: Unveiling the Threat of Bots

It’s rare enough to be worth mentioning—Allegro initially had no known issues with malicious bots! The awareness of such threats emerged after reading an article about Amazon and Walmart’s bot struggles in the United States. Tomasz Ludwiczak, a Team Leader at that time, realized the potential dangers for Allegro, especially in scenarios like scraping.

“Some entities collected public data on pricing and product catalogs,” he recalls, “information which, on a large scale, can be valuable to our competitors.”

Tomasz, aware of the broader spectrum of threats, identified credential stuffing as an additional risk for Allegro with their Anti-Fraud and Security teams. These account fraud attacks involved hackers using leaked passwords from other websites to gain unauthorized access to user accounts that use the same password on many services—a huge security problem for an e-commerce platform, putting user accounts at risk.

Faced with the possibility of such threats, Allegro proactively decided to explore solutions, recognizing the importance of preparation in the face of rising bot activities. “We assembled a task force of amazing engineers and an excellent lawyer,” Tomasz says.

The Solution: A Reliable, Adaptable Tool Compliant With European Regulations

When Allegro began searching for a bot management system, the team relied on the selection criteria already established when looking for an anti-DDoS solution a few years earlier.

“First, we needed a system compliant with the data protection standards of the GDPR and the Polish Financial Supervision Commission’s requirements, from the perspective of which data processing exclusively within the EEA was essential,” Tomasz explains. “This ruled out a few candidates.”

Then, of course, the chosen solution had to demonstrate optimal quality management in attack detection, and above all, great adaptability. The Allegro task force appreciated this feature at DataDome: “It was important for us to be able to react in a targeted way to each attack. For example, whitelisting certain players, so as not to block real users in the first place.”

Allegro was also looking for a tool that would be suitable for mobile applications and would not slow down the user experience or excessively consume battery power.

After a long and detailed search, DataDome emerged as the preferred solution, in particular thanks to the quality of its customer support. “We love them,” Tomasz says, “DataDome has great engineers, and the weekly meetings are always a treat. The whole team is a pleasure to work with.”

The Results: Bot-Resilient Website, Unaffected Customers, and Continuous Improvement

Implementing DataDome proved crucial in safeguarding Allegro against malicious bot activities. The tool effectively slowed down and mitigated threats, especially in scraping and credential-stuffing scenarios.

“I’m sure that, without DataDome, we would have encountered various problems with scraping bots, stuffing bots, and potentially also bot-driven vulnerability scanning attacks,” acknowledges Tomasz.

For Allegro’s customers, the protection remains invisible and the user experience transparent. “Our main goal is to not negatively impact the customer experience,” Tomasz says, “and that is why I like DataDome’s very simple CAPTCHA page and their new approach with the ‘invisible CAPTCHA’.”

For him and his team, bot management is facilitated by an intuitive user interface. In addition to the customer support, Allegro appreciated the simplicity of working with the Technical team and their flexibility in implementing Allegro’s feedback.

“Allegro and DataDome share the same ‘post-mortem’ culture. We take the time to analyze every outage and DataDome has always been there to improve and fix things when necessary. What’s more, we love the fact that they replaced the Allegro logo with a ninja logo on the dashboard!” Tomasz concludes on a humorous note.