Detecting Account Compromise in Online Social Networks

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.


University of British Columbia



Project Leader(s)

Ivan Beschastnikh, Assistant Professor


Online social media platforms have enjoyed a huge rise in popularity in the last decade and store a vast amount of private user data, from personally identifying information, such as home address, hobbies and interests, to detailed accounts of people's interactions with others on their networks. This makes them a prime target for adversaries who want to collect information with malicious intent. Various forms of external attack and intrusion on social media platforms have come under scrutiny by the research community; however, insider threats have not been explored in as much depth.

This report makes two contributions. First, the researchers report the findings of their study investigating a specific kind of attack on Facebook, known as a physical insider attack. In such an attack, a victim's account is compromised through a personal device belonging to them (physical), often by someone the victim knows and/or trusts (insider). While the security research community is well aware of such attacks, there is limited knowledge of their prevalence. The researchers attempt to fill this knowledge gap with the findings of this study.

Second, the researchers describe ThirdEye, a mitigation platform for physical insider attacks against Facebook accounts. This platform is designed to passively monitor and collect the user's interactions with Facebook in the browser. It uses an anomaly detection algorithm on the server to determine whether the person interacting with an active Facebook session behaves like the owner of the account. When an anomalous interaction is detected, the platform sends a notification to the account owner via email.


OPC Funded Project

This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.

Contact Information

2329 West Mall
Vancouver, BC
V6T 1Z4

Main Telephone: 604-822-2211
