Identifying Related User Accounts Based on Authentication Data

摘要

In some embodiments, upon detecting malicious activity associated with a user account, a content management system can identify other user accounts related to the malicious user account. The content management system can identify related user accounts by comparing authentication information collected for the malicious user account with authentication information collected for other user accounts. Authentication information can include IP address information, geographic information, device type, browser type, email addresses, and/or referral information, for example. The content management system can compare the content items associated with the malicious user account to content items associated with other user accounts to determine relatedness or maliciousness. After identifying related malicious user accounts, the content management system can block all related malicious user accounts.

主权项

1. A method comprising:
detecting, by a computing device, a malicious activity associated with a first user account; and determining, by the computing device, that at least one second user account is related to the first user account based on authentication data associated with the first user account.