Computer security vulnerabilities come in all shapes and sizes; resultantly, computer security strategy must be varied and diverse to protect against exploitation of those vulnerabilities. A common problem is the illegitimate obtainment (e.g., when a large website is breached by attackers) of user account credentials (e.g., a username and password), which can lead to fraud, identity theft, disclosure of sensitive information, and other undesired outcomes. The problem of compromised credentials is exacerbated by the common user behavior of reusing credentials. For example, a user might use a single set of credentials to access multiple services. Thus, even if a service locks a user account that is accessible by compromised credentials, an attacker may still be able to use the same compromised credentials to access other user accounts at other services.
Some services exist for handling compromised credentials. For example, compromised credential information can be fed into e-mailing systems that notify affected users through e-mail of the status of their account. However, these conventional approaches require users to sign up for such a service and fall short in providing effective options for ameliorating the damage of a compromised account.
Thus, there is a need in the computer security field to create new and useful methods for identifying compromised credentials and controlling account access associated with the credentials. This invention provides such new and useful methods.