Companies can store a tremendous amount of end-user data. For example, end-user data can include, but is not limited to, address information, credit card information, photographs, e-mails, healthcare records, financial records, electronic documents, messages, associations with other end-users, and other types of information. Not only do the end-users have an expectation of privacy, but in many cases there can be legal requirements on the dissemination and use of the data. As a result, unauthorized access and/or use of the end-user's data can result in dissatisfied customers and potential legal liability. Accordingly, private end-user data needs to be protected from unauthorized external and internal access (e.g., from employee accounts).
In social networking systems, it is advantageous to keep private end-user data available to employees as the employees may need access to private end-user data in order to perform their duties (e.g., to resolve end-user issues). Traditionally, tools for allowing employees access to private end-user data did not dynamically allocate access to the end-user data. Instead, each employee had access to all of the data or to very large portions of the data. Moreover, traditional tools also did not provide any restrictions on how the data can be used once access has been granted to the tool. One tool that has resolved these challenges and inefficiencies found in traditional tools for granting access to private end-user data is discussed in co-pending U.S. application Ser. No. 13/660,980, filed on Oct. 25, 2012, which issued as U.S. Pat. No. 8,887,260, the contents of which are expressly incorporated herein by reference.
U.S. application Ser. No. 13/660,980, which issued as U.S. Pat. No. 8,887,260, discusses various systems and methods for providing token-based access control to various data sets and/or portions thereof. Thus, private end-user data can be accessed via private access tools once the appropriate token(s) are obtained. This allows the social networking systems to keep the private end-user data available to employees for expeditiously resolving end-user issues, among other important employee duties. Unfortunately, in some rare instances, an employee's account can be compromised. For example, an employee's account (e.g., login credentials) can be compromised by clicking on a phishing e-mail attack.
In some cases, the attacks can be coordinated and persistent (e.g., when the attacks are state sponsored). These coordinated and persistent attacks are commonly referred to as advanced persistent threats (APTs). Often, the goal of an APT is to obtain private end-user information associated with particular people, groups, and/or communities. Unfortunately, APTs often avoid detection because they are well funded, organized, and after specific information.
Overall, the examples herein of some prior or related systems and their associated limitations are intended to be illustrative and not exclusive. Upon reading the following, other limitations of existing or prior systems will become apparent to those of skill in the art.