Customer Stories / Advertising & Marketing / United States

dynata Logo

Dynata Protects 200 Websites Using Advanced Security Features of Amazon Cognito

Learn how Dynata, a global market research firm, seamlessly improved their security posture using Amazon Cognito.

Achieved migration

with virtually no downtime

Mitigated millions

of credential stuffing events

Deployed IAM

across 200 websites

3 months of development

and coordination time saved


use for customers


The world’s largest first-party data company, Dynata, needed to protect millions of customers from unintended access events to maintain trust and keep personal data secure. The company, which operates more than 200 websites that reward consumers for their participation in business intelligence surveys, was using a custom-made authentication solution that required an increasing amount of maintenance and management to outpace the rise in sophisticated cybersecurity events. Dynata wanted to update its customer identity and access management (IAM) service to use advanced security features and stay one step ahead of threat actors.

The company had already been using Amazon Web Services (AWS) for many years before it began to explore customer IAM services from AWS. After reviewing several options, Dynata chose Amazon Cognito, a service to implement secure, frictionless customer IAM that scales. “Bot activity is basically gone on the websites where we’ve implemented Amazon Cognito,” says Aleister Cachón Guillén, director of software engineering at Dynata.

close up of creative man working at night office

Opportunity | Using Amazon Cognito to Implement Advanced Security Features for Dynata

Dynata is a global market research company with more than 70 million members in dozens of countries around the globe. The company collects marketing and preference data from people who opt in to member-based communities and fill out surveys on hundreds of websites, including many in global languages. However, threat actors from all over the world target Dynata websites with credential stuffing events to try to steal member rewards, which range in form from gift cards to cash. In a credential stuffing event, an unauthorized user gains access to someone’s username and password on one website and attempts to log on to other websites using the same credentials. “We see millions of fraud attempts a day,” says Cachón Guillén.

The company wanted a solution that offered advanced risk detection and automatic notice of credentials that have been inadvertently accessed. When it verified that Amazon Cognito would both improve the user experience and empower teams to implement robust security capabilities, Dynata began migrating its member accounts to Amazon Cognito in June 2023, and the implementation went smoothly—with virtually no disruption to customers. The company followed AWS recommendations to enhance security, including creating rules based on bad IP lists and adding captcha challenges when appropriate.

In addition, Dynata will be implementing AWS services during reward redemptions for near-real-time authentication in its verification services. “This will represent a substantial cost savings to Dynata, which currently uses a separate third-party service for this exercise” says Paul Hudson, senior vice president of engineering at Dynata.


Bot activity is basically gone on the websites where we’ve implemented Amazon Cognito.”

Aleister Cachón Guillén
Director of Software Engineering, Dynata

Solution | Achieving Virtually Zero Downtime and Protecting Customer Data Using AWS

Strong password protection is one of the advanced security features of Amazon Cognito that Dynata uses. When the customer IAM service detects a weak password, it automatically prompts the user to update it, which has strengthened the security of user data. “A significant number of our customers have already improved the strength of their credentials,” says Cachón Guillén. Moreover, Amazon Cognito automatically notifies customers when their credentials might have been inadvertently accessed on another website, substantially reducing the risk of cybercrime. “The advanced security features of Amazon Cognito represent one of the greatest benefits that it offers us,” says Cachón Guillén.

Although customers aren’t aware that their accounts are using a new authentication service, they have nonetheless benefited from automation. Using Amazon Cognito, Dynata reduced workflows to make it simpler and faster to sign on, saving about 5 seconds per log-on. More important, Dynata uses Amazon Cognito to keep customer information secure. “Using Amazon Cognito, we are maintaining the trust of our members,” says Cachón Guillén. Additionally, Dynata has greatly decreased the potential impact of credential stuffing events.

In tandem with Amazon Cognito, Dynata uses AWS Lambda—a serverless, event-driven compute service that businesses can use to run code for virtually any type of application or backend service—for custom authentication and password reset emails and to migrate accounts from its legacy system. It also used AWS Lambda to speed up its launch by enriching the Amazon Cognito JSON Web Token, which is a way to securely transmit information as a JSON object, with its legacy authentication token. “We wanted to launch as quickly as possible without reworking all of our APIs to read the Amazon Cognito JSON Web Token,” says Cachón Guillén. “That way, we use Amazon Cognito for authentication, but we still have compatibility with the domains that haven’t yet migrated.”

Dynata teams are happy to be migrating to Amazon Cognito with virtually no downtime. “Ever since we started using AWS, zero downtime has been our mantra,” says Cachón Guillén. “Because we have 200 websites, it wouldn’t be one instance of downtime, but 200.” The simplicity of using Amazon Cognito has saved Dynata 3 months of development and coordination work.

Dynata is migrating to Amazon Cognito incrementally to customize its authentication experience and branding for its 200 domains. After tackling its top four marketplaces in the first 3 months. Dynata plans to migrate all of its accounts to Amazon Cognito by the first quarter of 2024. “This was a very fast turnaround for the complexity that we have across 200 domains,” says Guillén.

Architecture Diagram

Figure 1. High-level view showing password auth and custom auth via email signature

Figure 2. Detailed view of actions and flows

Outcome | Implementing Multi-Factor Authentication Using Amazon Cognito

After it finishes migrating all of its domains, Dynata plans to strengthen its security posture by using the multi-factor authentication feature of Amazon Cognito. In addition, Dynata wants to explore custom authentication flows to make it simpler for people to log on to their accounts through password-less authentication. “We want to remove as much friction as we can,” says Cachón Guillén. “Using Amazon Cognito, we can meet that goal.”

Dynata teams are looking forward to concluding the migration effort, retiring legacy mobile and web authentication, and using only Amazon Cognito. “Once we’ve migrated all of our domains to Amazon Cognito, our authentication will be simplified and we can remove redundancy across our offerings,” says Joe Parker, managing engineer of web and mobile groups at Dynata.

About Dynata

Dynata, based in Connecticut, is a global first-party data company that provides marketing data services to 70 million consumers and business professionals. The company serves nearly 6,000 organizations in the Americas, Europe, and Asia-Pacific.

AWS Services Used

Amazon Cognito

With Amazon Cognito, you can add user sign-up and sign-in features and control access to your web and mobile applications.

Learn more »

AWS Lambda

AWS Lambda is a serverless, event-driven compute service that lets you run code for virtually any type of application or backend service without provisioning or managing servers.

Learn more »

More Advertising & Marketing Customer Stories

no items found 


Get Started

Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.