Case Study: Ulta Beauty achieves $80,000 in savings by blocking API-based enumeration attacks with Cequence Security

Ulta Beauty Reduces Costs by Blocking API-based Enumeration Attacks

Ulta Beauty faced a persistent, high-volume inventory API enumeration attack against a third‑party local‑inventory search API. The attack spiked traffic to roughly 700× normal volumes, rotated through more than 153,000 product/SKU combinations while scraping 61,000 ZIP codes and 33,000 products, and used high-quality residential proxies and mobile API pivots to evade simple edge blocking. Cequence Security (via its CQ Prime Threat Research Team) was engaged to investigate and mitigate the activity.

Cequence Security and Ulta’s CTI team implemented targeted blocking policies that stopped behaviors like direct‑to‑API access, volumetric enumeration, outdated browser signatures, and single‑cookie generation; those policies have blocked 85.9M requests since April 1, peaking at about 17M blocked requests, and saved Ulta Beauty approximately $80,000 in infrastructure and loss‑prevention costs while relieving the third‑party API provider of the surge load.

Ulta Beauty