Google Research

“My religious aunt asked why I was trying to sell her viagra”: Experiences with account hijacking

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: CHI '14, ACM, New York, NY, USA (2014), pp. 2657-2666


With so much of our lives digital, online, and not entirely under our control, we risk losing access to our communications, reputation, and data. Recent years have brought a rash of high-profile account compromises, but account hijacking is not limited to high-profile accounts. In this paper, we report results of a survey about people’s experiences with and attitudes toward account hijacking. The problem is widespread; 30% of our 294 participants had an email or social networking account accessed by an unauthorized party. Five themes emerged from our results: (1) compromised accounts are often valuable to victims, (2) attackers are mostly unknown, but sometimes known, to victims, (3) users acknowledge some responsibility for keeping their accounts secure, (4) users’ understanding of important security measures is incomplete, and (5) harm from account hijacking is concrete and emotional. We discuss implications for designing security mechanisms to improve chances for user adoption.

Learn more about how we do research

We maintain a portfolio of research projects, providing individuals and teams the freedom to emphasize specific types of work