Privacy-Preserving Warning Management for an Identity Leakage Warning Network.

Identity leakage is the public disclosure of user accounts that were stolen from an online service provider, e.g. email adresses and passwords. Identity leakage is an emerging threat to the security of user accounts because the number of online identities grows notably faster than the amount of used email adresses and passwords. In order to protect users against potential identity thefts after a cyber heist, a system that proactively warns the victims seems inevitable. In the design of such a system, there are technical, legal and psychological goals, e.g., the system has to fulfill the General Data Protection Regulation and users do not want to be flooded with warnings about potential identity thefts. In this paper, we propose a warning management system for online service providers that want to cooperate whilst keeping their users' data private from each other. Most importantly, victims will be informed only once if their user identity was found in an identity leak and the cooperating service providers preserve the privacy of the victims by design. Therefore, our warning system complies with the NIST recommendation.