Account hijacking has become a routine, large-scale threat that users and online web services face. The proliferation of personal data on remote servers draws miscreants like a siren's call, and they seek to monetize it. For email and cloud services, the most intimate details of our lives are guarded by a single password prompt. For online social networks, an account encompasses the social capital and trust we've accrued with family, friends, fans, and colleagues over our lifetime.
We recently developed a technique to detect symptoms of account hijacking (e.g., sending spam to your Twitter followers). We relied on near-duplicate detection to identify clusters of colluding users and a secondary filter that distinguishes meme participants, fraudulent accounts, and hijacked victims. We ran our algorithm on 8.7 billion tweets produced between January 2013 and October 2013, as captured from the Twitter streaming API. In total, we detected 13.8 million compromised accounts and 4.6 million fraudulent accounts that miscreants used to send over 100 million spam tweets.
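The clustering step described above can be sketched as follows. This is an added example, not the authors' code: the post does not say which near-duplicate method was used, so word shingles with Jaccard similarity, the threshold values, and the sample tweets are all assumptions, and the secondary filter is not shown.

```python
import re
from collections import defaultdict

# Constructed sample data (account, tweet text); not real tweets.
TWEETS = [
    ("alice", "I lost 10 pounds in a week with this trick http://t.example/a1"),
    ("bob",   "I lost 10 pounds in a week with this trick http://t.example/b7"),
    ("carol", "lost 10 pounds in a week with this trick!! http://t.example/c3"),
    ("dave",  "Heading to the conference tomorrow, anyone else going?"),
    ("erin",  "Great coffee at the new place downtown this morning"),
]

def shingles(text, k=3):
    """Set of k-word shingles; per-victim URLs collapse to one token."""
    text = re.sub(r"https?://\S+", " url ", text.lower())
    words = re.findall(r"[a-z0-9]+", text)
    return {" ".join(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def jaccard(a, b):
    """Jaccard similarity of two shingle sets."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster_accounts(tweets, threshold=0.6, min_accounts=3):
    """Group near-duplicate tweets; return clusters spanning many accounts."""
    sets = [shingles(text) for _, text in tweets]
    parent = list(range(len(tweets)))

    def find(i):  # union-find with path halving
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    # Pairwise comparison is fine for a sample; at scale, MinHash/LSH
    # would replace this O(n^2) loop.
    for i in range(len(tweets)):
        for j in range(i + 1, len(tweets)):
            if jaccard(sets[i], sets[j]) >= threshold:
                parent[find(i)] = find(j)

    groups = defaultdict(set)
    for i, (account, _) in enumerate(tweets):
        groups[find(i)].add(account)
    # Only clusters with enough distinct accounts suggest collusion.
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_accounts)

if __name__ == "__main__":
    print(cluster_accounts(TWEETS))
```

A cluster found this way is only a candidate: memes and retweet chains produce the same signal, which is why the post pairs clustering with a secondary filter.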
Major Findings
- Account hijacking is a systematic threat that impacts nascent, casual, and core users.
- Users or Twitter react quickly: 60% of users lose control of their account for a day; 90% for fewer than 5 days.
- Significant challenges remain with account recovery: 21% of victims never return to Twitter after the service wrests control of the victim's account back from hijackers.
- Victims become socially isolated: 56% of victims lose social connections as a consequence of hijacking.
- Compromise spreads like a social or biological contagion: users are 10x more likely to fall victim to a phishing or malware campaign if 20 of their friends are compromised due to the trust they place in their relationships.
- Contagions are long lasting: it takes a median of over a week for Twitter to recover from an attack.
If you want to see more, check out Consequences of Connectivity: Characterizing Account Hijacking on Twitter published at CCS 2014.