Patent attributes
Requests to perform activity with respect to a customer account can be monitored to attempt to detect fraudulent activity due to compromised customer credentials or other unauthorized access. The unauthorized party can request actions such as to create a new account, mount a snapshot of customer data, and exfiltrate the customer data. Various embodiments monitor such requests and permissions granted to accounts not directly owned by a customer, and can apply automatic mitigations for suspicious activity in order to reduce the risk of exposing data to unauthorized accounts. Such an offering determines mitigations to perform, such as to block, alert, rate limit, or terminate the linked or non-linked account based on account reputation. The detection mechanism can use various heuristics to make mitigation decisions, as may consider factors such as account age, geolocation, access history, device fingerprint, network domain, payment type, prior suspicious activity, and the like.
