Account vulnerability alerts
First Claim
1. A system for assessing an account takeover risk of one or more online accounts of a user, the account takeover risk indicating likelihood of an unauthorized user determining access credentials of one or more online accounts of the user, the system comprising:
a data store that stores account information associated with a plurality of online accounts, wherein the plurality of online accounts includes two or more online accounts of a user and a plurality of additional online accounts of users other than the user, wherein the two or more online accounts of the user includes a first online account with a first service provider and a second online account with a second service provider; and
a computing device in communication with the data store, the computing device configured to execute software instructions stored in a non-transitory computer readable medium to;
determine, based on account information associated with online accounts with the first service provider of one or more additional users other than the user, at least a first security question identified as being presented by the first service provider to one or more of the additional users previously;
determine, based on account information associated with online accounts with the second service provider of one or more additional users other than the user, at least a second security question identified as being presented by the second service provider to one or more of the additional users previously;
scanning one or more social media networks for publicly accessible data associated with the user responsive to the first security question or the second security question, wherein identification of publicly accessible data responsive to the first security question or the second security question indicates an account takeover risk;
accessing each of the two or more of the plurality of accounts over a network using associated user login credentials of the user associated with the respective accounts;
determining account relationship information comprising a plurality of links between respective of the online accounts, wherein a first link between a first online account and a second online account indicates a common account takeover vulnerability comprising at least one of;
(a) the first online account and second online account are configured to send account authentication messages to a same device or same email address, or
(b) the first online account and second online account share a password,
wherein the account relationship information is generated at least in part by account information obtained via the automated accessing of the two or more of the plurality of accounts over a network using associated user login credentials;
determine one or more vulnerabilities to hostile account takeover of the respective online accounts of the user, wherein the one or more vulnerabilities are determined based at least in part on the account relationship information and any account takeover risk associated with identification of publicly accessible data responsive to the first or second security questions; and
electronically provide the user with an alert regarding the determined one or more vulnerabilities; and
electronically provide the user with an alert regarding the determined one or more vulnerabilities;
determine one or more remedial actions taken by the user associated with the determined one or more vulnerabilities;
electronically provide the user via user interface, an indication of the determined remedial actions; and
provide the user with an option to electronically adjust alert settings, including a risk severity setting indicating a severity of determined vulnerabilities.
1 Assignment
0 Petitions
Abstract
Systems and methods are provided for assessing an account takeover risk for one or more accounts of an individual. The account security procedures for each of a number of services with which the user has an account may be analyzed. Publicly accessible information regarding the user may also be collected and analyzed. The collected information and security procedures may be compared in order to determine one or more vulnerabilities to hostile account takeover of one or more of the analyzed accounts. An alert may be generated regarding a determined takeover risk, which may include suggested actions for remedying the risk.
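The link-finding step of claim 1, elements (a) and (b), together with the risk severity setting, sketched as an added example that is not code from the patent or its assignee. The account inventory, the keyed fingerprinting of passwords and the severity scale are assumptions made for illustration.

```python
import hashlib, hmac
from itertools import combinations

KEY = b"constructed-demo-key"  # assumption: secret held only on the user's device
SEVERITY = {"shared_password": 3, "shared_auth_target": 2}  # assumed scale, not from the claims

def fingerprint(password):
    """Keyed digest so passwords can be compared without being stored."""
    return hmac.new(KEY, password.encode(), hashlib.sha256).hexdigest()

# Constructed inventory of one user's accounts (hypothetical names and values).
ACCOUNTS = [
    {"name": "bank", "pw": fingerprint("Tr0ub4dor&3"), "auth_target": "alice@mail.example"},
    {"name": "shop", "pw": fingerprint("Tr0ub4dor&3"), "auth_target": "Alice@Mail.example"},
    {"name": "forum", "pw": fingerprint("correct horse"), "auth_target": "+1-555-0100"},
    {"name": "photo", "pw": fingerprint("staple battery"), "auth_target": "+1-555-0100"},
    {"name": "tax", "pw": fingerprint("unique-long-one"), "auth_target": "alice@work.example"},
]

def find_links(accounts):
    """Return (a, b, reason) for each pair sharing weakness (a) or (b) of claim 1."""
    links = []
    for a, b in combinations(accounts, 2):
        if a["auth_target"].strip().lower() == b["auth_target"].strip().lower():
            links.append((a["name"], b["name"], "shared_auth_target"))
        if hmac.compare_digest(a["pw"], b["pw"]):
            links.append((a["name"], b["name"], "shared_password"))
    return links

def exposure_groups(accounts, links):
    """Union-find over the links: accounts connected by a common weakness."""
    parent = {acc["name"]: acc["name"] for acc in accounts}
    def root(n):
        while parent[n] != n:
            n = parent[n]
        return n
    for a, b, _ in links:
        parent[root(a)] = root(b)
    groups = {}
    for name in parent:
        groups.setdefault(root(name), set()).add(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def alerts(links, min_severity=1):
    """Keep only links at or above the user's risk severity setting."""
    return [link for link in links if SEVERITY[link[2]] >= min_severity]

if __name__ == "__main__":
    found = find_links(ACCOUNTS)
    print(exposure_groups(ACCOUNTS, found), alerts(found, min_severity=3))
```

Grouping the links shows which accounts share one point of failure, so a single remediation (a new password, a separate recovery address) can be checked against the whole group rather than one pair.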
1363 Citations
8 Claims
7. A method performed by one or more computing systems comprising, the method comprising:
communicating with a data store that stores account information associated with a plurality of online accounts, wherein the plurality of online accounts includes two or more online accounts of a user and a plurality of additional online accounts of users other than the user, wherein the two or more online accounts of the user includes a first online account with a first service provider and a second online account with a second service provider;
determining, based on account information associated with online accounts with the first service provider of one or more additional users other than the user, at least a first security question identified as being presented by the first service provider to one or more of the additional users previously;
determining, based on account information associated with online accounts with the second service provider of one or more additional users other than the user, at least a second security question identified as being presented by the second service provider to one or more of the additional users previously;
scanning one or more social media networks for publicly accessible data associated with the user responsive to the first security question or the second security question, wherein identification of publicly accessible data responsive to the first security question or the second security question indicates an account takeover risk;
accessing each of the two or more of the plurality of accounts over a network using associated user login credentials of the user associated with the respective accounts;
determining account relationship information comprising a plurality of links between respective of the online accounts, wherein a first link between a first online account and a second online account indicates a common account takeover vulnerability comprising at least one of;
(a) the first online account and second online account are configured to send account authentication messages to a same device or same email address, or
(b) the first online account and second online account share a password,
wherein the account relationship information is generated at least in part by account information obtained via the automated accessing of the two or more of the plurality of accounts over a network using associated user login credentials;
determining one or more vulnerabilities to hostile account takeover of the respective online accounts of the user, wherein the one or more vulnerabilities are determined based at least in part on the account relationship information and any account takeover risk associated with identification of publicly accessible data responsive to the first or second security questions;
electronically providing the user with an alert regarding the determined one or more vulnerabilities;
determining one or more remedial actions taken by the user associated with the determined one or more vulnerabilities;
electronically providing the user via user interface, an indication of the determined remedial actions; and
providing the user with an option to electronically adjust alert settings, including a risk severity setting indicating a severity of determined vulnerabilities.
8. A non-transitory computer readable medium storing software instructions that, when executed, cause a computing system to:
communicate with a data store that stores account information associated with a plurality of online accounts, wherein the plurality of online accounts includes two or more online accounts of a user and a plurality of additional online accounts of users other than the user, wherein the two or more online accounts of the user includes a first online account with a first service provider and a second online account with a second service provider;
determine, based on account information associated with online accounts with the first service provider of one or more additional users other than the user, at least a first security question identified as being presented by the first service provider to one or more of the additional users previously;
determine, based on account information associated with online accounts with the second service provider of one or more additional users other than the user, at least a second security question identified as being presented by the second service provider to one or more of the additional users previously;
scan one or more social media networks for publicly accessible data associated with the user responsive to the first security question or the second security question, wherein identification of publicly accessible data responsive to the first security question or the second security question indicates an account takeover risk;
access each of the two or more of the plurality of accounts over a network using associated user login credentials of the user associated with the respective accounts;
determine account relationship information comprising a plurality of links between respective of the online accounts, wherein a first link between a first online account and a second online account indicates a common account takeover vulnerability comprising at least one of;
(a) the first online account and second online account are configured to send account authentication messages to a same device or same email address, or
(b) the first online account and second online account share a password,
wherein the account relationship information is generated at least in part by account information obtained via the automated accessing of the two or more of the plurality of accounts over a network using associated user login credentials;
determine one or more vulnerabilities to hostile account takeover of the respective online accounts of the user, wherein the one or more vulnerabilities are determined based at least in part on the account relationship information and any account takeover risk associated with identification of publicly accessible data responsive to the first or second security questions;
electronically provide the user with an alert regarding the determined one or more vulnerabilities;
determine one or more remedial actions taken by the user associated with the determined one or more vulnerabilities;
electronically provide the user via user interface, an indication of the determined remedial actions; and
provide the user with an option to electronically adjust alert settings, including a risk severity setting indicating a severity of determined vulnerabilities.
Specification