Enhancing Pinner security with login emails and revoking sessions

Amine Kamel, Emanuele Cesena & Eric Zhang | Pinterest engineers, Security

The Pinterest Security team is tasked with keeping the accounts of more than 175 million people safe and secure. We recently added another layer of protection to secure Pinners’ accounts. Now, logging in from a new device or location will trigger an email notification, and all active sessions can be viewed and revoked from the user settings page.

Here we’ll describe the system architecture powering the new features.

New features

It’s 11:30 a.m., and I receive an email from Pinterest informing me of a new login from New York. Wait, what!? I’m working in my office in San Francisco— this login was definitely not from me.

I visit the new ‘Security’ section under my Settings and view my active sessions. From here, I can remove the unwanted session by clicking the ‘End Activity’ button. Since this was a new login, I opt to change my password which will automatically reset all my sessions.

How it works

Here’s an overview of the system architecture, with the user settings page on top and the email notification system on the bottom. As you can see, both rely on a backend service called Session Manager.

Session Manager

At the core of both features is Session Manager, which is responsible for storing and validating user sessions. It’s a Java service accessed by the API through a Thrift interface to validate the session of every request (150k+ per second). Session manager has always had the ability to revoke sessions, but this is the first case where we allow Pinners to use it.

User Settings page

The new functionality of retrieving and revoking active sessions was added via API calls which connect directly to Session Manager’s endpoints.

Email notification

At every login (a few million per day), the API dispatches an async job to our PinLater service (which is open sourced). On execution, the job retrieves a list of all sessions and evaluates if the login event is from a new device or IP address. If so, the job sends an email to the owner of the account.

Securing Pinterest

With the email notification on new login and the ability to view and revoke active sessions, security makes its first appearance in the Pinterest app and we couldn’t be more excited. Stay tuned for more updates from our team and Pinterest Engineering!

Did you have a direct experience, on Pinterest or elsewhere, with revoking unknown or undesired sessions? If so, we’d like to hear from you. Let us know in the comment below, or find us on Twitter @0x0ece, @ericzhang401.

Acknowledgements: These features were a cross team effort. Many thanks to Ali Altaf, Jean Aurambault, Steve Cohen, John Egan, Kevin Grandon, Devin Lundberg, Vamsi Ponnekanti, Ryan Reid, and the Web & API teams for all the help and guidance.