Panic buttons, shrugged shoulders and drowning email inboxes : Stories of account takeovers and trust

Abstract: Users face many risks while being online, including ones posed by their own actions, such as keeping the same passwords on multiple services. This makes them potential victims of account takeovers, in which a hacker uses stolen credentials to acquire and use accounts for their own benefit. However, few papers have researched how users experience these incidents, and how this affects their trust in the service. To fill this research gap, 4 users that were part of the same account takeover incident were interviewed. Storytelling was used to present and analyse the interviews. One participant experienced the takeover as it happened, while the other three learned about it after it was mitigated. The results show that the role the user took, and how they valued the platform, affected their trust. This paper contributes to research by giving in-depth insights into account takeovers, and what challenges and opportunities the systems face.