Unlike a typical e-commerce marketplace, Uber’s marketplace is real-time, therefore stopping fraud has to happen in real-time too. In this talk, we will dive into Account Takeover (ATO) attacks and how we built a near real-time semi-supervised learning system to keep your Uber accounts safe. ATO attacks evolve very fast and may last only for a short time period. Thus traditional way of training a model once a week/day doesn’t really help us to defend against new attack vectors. This lead us to develop a semi-supervised learning system that is built on top of Apache Spark and uses clustering techniques and feedback signals from our ATO challenges to detect and stop new attack vectors. We will discuss our results from online clustering using streaming k-means and also from batch clustering using more complex clustering algorithm, DBSCAN. We will also share some lessons on feature selection and hyperparameter tuning for clustering algorithms which plays a crucial part in performance.