publications

2025

1. [Working Title] — Hidden in Plain Bytes: Investigating Interpersonal Account Compromise with Data Exports

   Julia Nonnenkamp, Naman Gupta, Abhimanyu Gupta, and Rahul Chatterjee

   ACM CCS, Oct 2025

   Accepted manuscript. To appear.

   Abstract

   When survivors of technology-facilitated abuse suspect unauthorized access to their online accounts, they (and advocates supporting them) often rely on built-in security interfaces, such as trusted device lists, to identify account compromise. However, these interfaces typically offer limited or ambiguous details about past access and security-critical events. Under right-of-access provisions in data protection laws, users can request structured exports of their personal data from online services. In this study, we explore whether and how data exports can supplement security interfaces to support compromise investigations, particularly in interpersonal threat contexts. We simulate four types of interpersonal account compromise attacks across six popular platforms, analyze the resulting data exports and user interfaces, and map data export contents to specific attack steps — such as authentication and in-account activity. Our findings show that data exports consistently contain more granular login histories and richer device/network identifiers than interfaces. Some even link security-relevant actions to specific devices, offering forensic value for identifying compromise. We conclude by discussing the practical challenges of deploying data exports in technology abuse intervention.