Warning of Affected Users About an Identity Leak

  • Timo MalderleEmail author
  • Matthias Wübbeling
  • Sven Knauer
  • Michael Meier
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 942)


Identity theft is a typical consequence of successful cyber-attacks, which usually comprise the stealing of employee and customer data. Criminals heist identity data in order to either (mis)use the data themselves or sell collections of such data to fraudsters. The warning of the victims of identity theft is crucial to avoid or limit damage caused by identity misuse. A number of services that allow identity owners to check the status of used identities already exist. However in order to provide proactive timely warnings to victims the leaked identity data has to be on hand. In this paper we present a system for a proactive warning of victims of identity leaks.


Identity theft Identity Data Leaks Privacy Password Security Early Warning System 


  1. 1.
    Bras, T.L.: [infographic] online overload - it’s worse than you thought, July 2015. Accessed 27 Sept 2018
  2. 2.
    Casal, J.: 1.4 billion clear text credentials discovered in a single database. A Medium Corporation - 4iQ, December 2017. Accessed 27 Sept 2018
  3. 3.
    Chia, J.M.: Hacked-Emails (2017). Accessed 27 Sept 2018
  4. 4.
    Corp, S.: LifeLock (2018). Accessed 27 Sept 2018
  5. 5.
    DeBlasio, J., Savage, S., Voelker, G.M., Snoeren, A.C.: Tripwire: inferring internet site compromise. In: Proceedings of the 2017 Internet Measurement Conference, IMC 2017, pp. 341–354. ACM, New York (2017)Google Scholar
  6. 6.
    Graupner, H., Jaeger, D., Cheng, F., Meinel, C.: Automated parsing and interpretation of identity leaks. In: Proceedings of the ACM International Conference on Computing Frontiers, CF 2016, pp. 127–134. ACM, New York (2016)Google Scholar
  7. 7.
    Han, W., Li, Z., Ni, M., Gu, G., Xu, W.: Shadow attacks based on password reuses: a quantitative empirical view. IEEE Trans. Dependable Secur. Comput. 15(2), 309–320 (2016)CrossRefGoogle Scholar
  8. 8.
    Hasso-Plattner-Institut für Digital Engineering gGmbH: HPI Leak Checker (2017). Accessed 27 Sept 2018
  9. 9.
    Heen, O., Neumann, C.: On the privacy impacts of publicly leaked password databases. In: Polychronakis, M., Meier, M. (eds.) Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 347–365. Springer International Publishing, Cham (2017)CrossRefGoogle Scholar
  10. 10.
    Hunt, T.: have i been pwned? (2017). Accessed 27 Sept 2018
  11. 11.
    Hunt, T.: Inside the massive 711 million record onliner spambot dump (2017). Accessed 27 Sept 2018
  12. 12.
    IdentityForce, I.: IdentityForce (2018). Accessed 27 Sept 2018
  13. 13.
    Jaeger, D., Pelchen, C., Graupner, H., Cheng, F., Meinel, C.: Analysis of publicly leaked credentials and the long story of password (re-)use. In: Proceedings of the 11th International Conference on Passwords (PASSWORDS2016). Springer, Bochum (2016)Google Scholar
  14. 14.
    Johansen, A.G.: 4 lasting effects of identity theft (2018). Accessed 27 Sept 2018
  15. 15.
    Lord, N.: Uncovering password habits: are users’ password security habits improving? (infographic), September 2017. Accessed 27 Sept 2018
  16. 16.
    Experian Ltd.: Experian (2018). Accessed 27 Sept 2018
  17. 17.
    Malderle, T., Wübbeling, M., Knauer, S., Sykosch, A., Meier, M.: Gathering and analyzing identity leaks for a proactive warning of affected users. In: Proceedings of the 15th ACM International Conference on Computing Frontiers, CF 2018, pp. 208–211. ACM, New York (2018)Google Scholar
  18. 18.
    Malm, S.: Two suicides are linked to Ashley Madison leak: Texas police chief takes his own life just days after his email is leaked in cheating website hack (2015). Accessed 27 Sept 2018
  19. 19.
    Onaolapo, J., Mariconti, E., Stringhini, G.: What happens after you are pwnd: understanding the use of leaked webmail credentials in the wild. In: Proceedings of the 2016 Internet Measurement Conference, IMC 2016, pp. 65–79 (2016)Google Scholar
  20. 20.
    Subrayan, S., Mugilan, S., Sivanesan, B., Kalaivani, S.: Multi-factor authentication scheme for shadow attacks in social network. In: 2017 International Conference on Technical Advancements in Computers and Communications (ICTACC), pp. 36–40 (2017)Google Scholar
  21. 21.
    Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., Markov, Y., Comanescu, O., Eranti, V., Moscicki, A., Margolis, D., Paxson, V., Bursztein, E.: Data breaches, phishing, or malware?: Understanding the risks of stolen credentials. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 1421–1434. ACM, New York (2017)Google Scholar
  22. 22.
    vigilante: (2017). Accessed 27 Sept 2018

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Timo Malderle
    • 1
    Email author
  • Matthias Wübbeling
    • 1
    • 2
  • Sven Knauer
    • 1
    • 2
  • Michael Meier
    • 1
    • 2
  1. 1.University of BonnBonnGermany
  2. 2.Fraunhofer FKIEBonnGermany

Personalised recommendations