Anatomy of Account Takeover

Wednesday, January 17, 2018 - 11:00 am - 11:30 am

Grzegorz Milka, Software Engineer, Google


With billions of usernames and passwords readily accessible via the black market, account takeover poses a significant threat to services that rely solely on passwords for authentication. In this talk, we provide a deep dive into the ecosystem supporting account takeovers, the danger it poses to users, and the importance of automatic, defense-in-depth risk detection systems as a fundamental defense in identity solutions. We start by exploring the relative likelihood that users fall victim to data breaches, phishing, or malware using a dataset of over 3.3 billion stolen credentials, and how hijackers subsequently use these credentials for spam, financial theft, and stepping-stone attacks. We then turn to examine how identity providers can use risk analysis, in conjunction with ‘login challenges’, to bridge the security gap between two-factor authentication and password-only users with minimal additional friction. We show the practical weaknesses of certain login challenges (SMS and email) and evidence of attackers now collecting risk profile data and challenge responses to weaken user security. Finally, we discuss ongoing challenges such as how public opinion (as measured by our user studies) may be at odds with actions identity providers should take to improve overall account security, and how the industry should try to change this.
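The risk-analysis-plus-login-challenge pattern the abstract describes, as an added toy example. This is illustrative code written for this page, not code from the talk or from Google's sign-in system: the signals, their weights, the 30-point threshold, the challenge names and the constructed breach corpus are all assumptions. It scores a sign-in attempt from context (device, country, IP reputation, whether the password appears in a stolen-credential set) and, once the score crosses the threshold, issues the strongest challenge the account has enrolled, flagging whether that challenge is phishing-resistant.

```python
"""Toy risk-based login-challenge selector (added illustration, not Google's logic).

Thresholds, weights, field names and the breach set below are assumptions.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed stand-in for a stolen-credential corpus: SHA-1 of a few leaked
# passwords. A real corpus has billions of rows; the membership test is the same.
BREACHED_PASSWORD_HASHES: Set[str] = {
    hashlib.sha1(p.encode()).hexdigest() for p in ("password1", "letmein", "hunter2")
}

# Challenge types, strongest first. Only the security key is phishing-resistant:
# a device prompt can be relayed by a live phishing proxy, and SMS / e-mail codes
# can be diverted (SIM swap, mailbox compromise) or phished outright.
CHALLENGE_RANK: List[str] = ["security_key", "device_prompt", "sms_code", "email_code"]
PHISHING_RESISTANT: Set[str] = {"security_key"}


@dataclass
class Account:
    username: str
    known_device_ids: Set[str]
    known_countries: Set[str]
    enrolled_challenges: Set[str]  # subset of CHALLENGE_RANK; empty = password-only


@dataclass
class LoginAttempt:
    username: str
    password: str
    device_id: str
    country: str
    ip_reputation: str  # "clean" or "anonymizer" (assumed label from an IP-intel feed)


def risk_score(acct: Account, attempt: LoginAttempt) -> Tuple[int, List[str]]:
    """Additive risk score clamped to [0, 100], plus the signals that fired."""
    score, reasons = 0, []
    if attempt.device_id not in acct.known_device_ids:
        score += 35
        reasons.append("unrecognised device")
    if attempt.country not in acct.known_countries:
        score += 25
        reasons.append("unrecognised country")
    if attempt.ip_reputation != "clean":
        score += 25
        reasons.append(f"ip reputation: {attempt.ip_reputation}")
    if hashlib.sha1(attempt.password.encode()).hexdigest() in BREACHED_PASSWORD_HASHES:
        score += 15
        reasons.append("password present in breach corpus")
    return min(score, 100), reasons


def choose_challenge(acct: Account, score: int, threshold: int = 30) -> str:
    """Below the threshold let the password stand alone; above it, issue the
    strongest enrolled challenge. With nothing enrolled, fail closed."""
    if score < threshold:
        return "none"
    for challenge in CHALLENGE_RANK:
        if challenge in acct.enrolled_challenges:
            return challenge
    return "block"


def evaluate(acct: Account, attempt: LoginAttempt) -> Dict[str, object]:
    """Full decision for one sign-in attempt."""
    score, reasons = risk_score(acct, attempt)
    challenge = choose_challenge(acct, score)
    return {
        "score": score,
        "reasons": reasons,
        "challenge": challenge,
        "phishing_resistant": challenge in PHISHING_RESISTANT,
    }


# Constructed sample accounts and attempts.
ALICE = Account("alice", {"dev-1"}, {"PL"}, {"security_key", "device_prompt", "sms_code"})
BOB = Account("bob", {"dev-2"}, {"PL"}, {"sms_code"})  # password plus a recovery phone only

LEGIT = LoginAttempt("alice", "correct horse battery", "dev-1", "PL", "clean")
HIJACK = LoginAttempt("alice", "hunter2", "dev-9", "DE", "anonymizer")  # replayed leaked password
BOB_NEW_DEVICE = LoginAttempt("bob", "tr0ub4dor&3", "dev-7", "PL", "clean")


if __name__ == "__main__":
    for acct, attempt in ((ALICE, LEGIT), (ALICE, HIJACK), (BOB, BOB_NEW_DEVICE)):
        print(acct.username, evaluate(acct, attempt))
```

Two caveats the abstract points at show up directly in the model. First, Bob (password-only with a recovery phone) is challenged over SMS, which keeps a credential-stuffing bot out but not a phishing kit that relays the code in real time; the `phishing_resistant` flag makes that gap visible to the operator. Second, every signal here is something a hijacker can learn or fake if they have harvested the victim's risk profile (usual country, device fingerprint, recovery phone number), which is why the score should be treated as a friction dial rather than as an authentication factor.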

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {208153,
author = {Grzegorz Milka},
title = {Anatomy of Account Takeover},
booktitle = {Enigma 2018 (Enigma 2018)},
year = {2018},
address = {Santa Clara, CA},
url = {},
publisher = {{USENIX} Association},