System for the measurement and automated accumulation of diverging cyber risks, and corresponding method thereof
US-2017013011-A1 · Jan 12, 2017 · US
US2018205752A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018205752-A1 |
| Application number | US-201715406494-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jan 13, 2017 |
| Priority date | Jan 13, 2017 |
| Publication date | Jul 19, 2018 |
| Grant date | — |
Official abstract text for this publication.
Security breach detection techniques in a digital medium environment are described. In one example, usage behavior data is received that describes a number of actions taken by users with respect to digital content of a service provider system over time. A plurality of action distributions is generated based on the usage behavior data. The plurality of action distributions describes a change in the number of actions taken by the users with respect to the digital content over time. A security breach likelihood is detected of a user account of the service provider system by comparing usage behavior data associated with the user account with the generated plurality of action distributions. A result of the detection is then output.
Opening claim text (preview).
What is claimed is:

1. In a digital medium environment to detect a security breach, a method implemented by at least one computing device, the method comprising: receiving, by the at least one computing device, usage behavior data describing a number of actions performed with respect to digital content of a service provider system over time; generating, by the at least one computing device, a plurality of action distributions based on the usage behavior data, each action distribution of the plurality of action distributions describing a change in the number of times a respective action is performed with respect to the digital content over time; detecting, by the at least one computing device, a security breach likelihood of a user account of the service provider system by comparing usage behavior data associated with the user account with the generated plurality of action distributions; and outputting, by the at least one computing device, a security breach likelihood alert responsive to determining that the user account is likely breached based on the detected security breach likelihood.

2. The method as described in claim 1, wherein the digital content is an application or web service made accessible via the user account.

3. The method as described in claim 1, wherein the actions of the usage behavior data involve computer operations initiated by a user population that involve the digital content.

4. The method as described in claim 1, wherein the actions of the usage behavior data also describe characteristics of a user population that initiated the actions.

5. The method as described in claim 1, wherein the detecting includes generating a score based on a likelihood that a legitimate user associated with the user account of the service provider system engaged in each action of the plurality of actions as a result of the comparing.

6. The method as described in claim 5, wherein the generating of the score includes multiplying the likelihood generated for the plurality of actions together.

7. The method as described in claim 1, wherein the detecting includes testing a hypothesis that there is no security breach based on a computed probability of a change in usage behavior regarding the user account by comparing the usage behavior data associated with the user account with the generated plurality of action distributions.

8. The method as described in claim 1, wherein the outputting includes determining that the detected security break likelihood is indicative of a security breach and identifying the user account as potentially having the security breach.

9. The method as described in claim 1, wherein: the number of actions forms a series of binomial distributions for each action of the plurality of actions; and the generated plurality of action distributions follows a multivariate normal distribution.

10. In a digital medium environment to determine consistency of a change in behavior of a user with respect to a user population, a system comprising: a usage behavior monitoring module implemented at least partially in hardware of a computing device to generate usage behavior data describing a number of actions taken by the user population; a distribution generation module implemented at least partially in hardware of the computing device to generate a plurality of action distributions describing a change in the number of actions taken by the user population over time; and a behavior change analysis module implemented at least partially in hardware of the computing device to determine a relative consistency in a change in behavior of the user by comparing usage behavior data associated with the user with the generated plurality of action distributions.

11. The system as described in claim 10, wherein the actions are taken with respect to digital content of a service provider system and the determination of the relative consistency in the change in behavior is used to detect a likelihood of a security breach of a user account of the service provider system.

12. The system as described in claim 11, wherein the actions involve computer operations initiated via the service provider system that involve the digital content.

13. The system as described in claim 10, wherein the behavior change analysis module is configured to generate a score based on a likelihood that a user engaged in each action of the plurality of actions as a result of the comparing.

14. The system as described in claim 13, wherein the generation of the score includes multiplying the likelihood generated for the plurality of actions together.

15. The system as described in claim 10, further comprising a result processing module implemented at least partially in hardware of the computing device to use the determined relative consistency in the change in behavior of the user to control inclusion of the user in a respective segment used as a basis to target digital marketing content, to define factors specifying inclusion in the segment, or configure digital marketing content.

16. The system as described in claim 10, wherein: the number of actions taken by the users forms a series of binomial distributions for each action of the plurality of actions; and the generated plurality of action distributions follows a multivariate normal distribution.

17. In a digital medium environment to detect a security breach, a system comprising: means for receiving usage behavior data describing a number of actions taken by users with respect to digital content of a service provider system over time; means for generating a plurality of action distributions describing a change in the number of actions taken by the users with respect to the digital content over time; and means for detecting a security breach likelihood of a user account of the service provider system by comparing usage behavior data associated with the user account with the generated plurality of action distributions.

18. The system as described in claim 17, wherein the digital content is an application or web service made accessible via the user account.

19. The system as described in claim 17, wherein the actions involve computer operations initiated by the user that involve the digital content.

20. The system as described in claim 17, wherein: the number of actions taken by the users forms a series of binomial distributions for each action of the plurality of actions; and the generated plurality of action distributions follows a multivariate normal distribution.
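The scoring described in claims 1, 5 and 6 can be sketched as follows. This is an added illustration, not code from the patent or its applicant. It assumes each action's period-to-period change is approximately normal and independent of the other actions (a diagonal simplification of the multivariate normal in claim 9); the action names, sample counts and the `alpha` threshold are constructed.

```python
import math
from statistics import mean, stdev

# Constructed sample data: account -> {action: (count last period, count this period)}.
POPULATION = {
    "u1": {"login": (20, 22), "download": (5, 6), "share": (2, 2)},
    "u2": {"login": (18, 17), "download": (3, 3), "share": (1, 2)},
    "u3": {"login": (25, 27), "download": (8, 7), "share": (4, 3)},
    "u4": {"login": (12, 13), "download": (2, 4), "share": (0, 1)},
    "u5": {"login": (30, 28), "download": (6, 6), "share": (3, 3)},
    "u6": {"login": (15, 16), "download": (4, 5), "share": (2, 1)},
}
NORMAL = {"login": (20, 21), "download": (5, 5), "share": (2, 2)}
SUSPECT = {"login": (20, 21), "download": (5, 12), "share": (2, 8)}

def change_distributions(population):
    """One action distribution per action: mean and std of the change in count."""
    actions = next(iter(population.values())).keys()
    dists = {}
    for action in actions:
        deltas = [acct[action][1] - acct[action][0] for acct in population.values()]
        dists[action] = (mean(deltas), stdev(deltas))
    return dists

def tail_probability(delta, mu, sigma):
    """Two-sided probability of a change at least this far from the population mean."""
    sigma = max(sigma, 1e-9)  # guard against an action whose change never varies
    z = abs(delta - mu) / sigma
    return math.erfc(z / math.sqrt(2))

def breach_score(account, dists):
    """Multiply the per-action likelihoods together; lower means less consistent."""
    score = 1.0
    for action, (prev, curr) in account.items():
        mu, sigma = dists[action]
        score *= tail_probability(curr - prev, mu, sigma)
    return score

def likely_breached(account, dists, alpha=1e-4):
    """Alert when the combined likelihood falls below the assumed threshold alpha."""
    return breach_score(account, dists) < alpha

if __name__ == "__main__":
    d = change_distributions(POPULATION)
    for name, acct in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(name, breach_score(acct, d), likely_breached(acct, d))
```

Because the score is a product, it shrinks as more actions are included, so in practice the threshold has to be calibrated against the number of actions being scored.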
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Traffic logging, e.g. anomaly detection · CPC title