Facebook said this week that hackers using stolen username and password credentials try to break into at least 600,000 accounts every day on the mammoth social networking site.
The revelation was buried in a new security announcement issued by the company on Thursday describing the virtues of its new “Trusted Friends” password restoration technique. UK-based computer security firm Sophos first noticed the data.
The Facebook blog entry includes an infographic explaining the success of the network’s efforts to beat back spam, account hijacking, and other ills. In it, Facebook says that “only .06 percent of 1 billion logins per day are compromised.” The site is able to precisely count the number of stolen or otherwise compromised logins because it challenges the would-be hackers with additional authentication questions, such as asking users to identify friends in pictures, said spokesman Barry Schnitt.
“(This means) 600,000 times a day, we stop a bad guy from getting access to an account even though he has guessed, phished, or stolen the login and password of an account,” Schnitt said. “This is something we’re very proud of.”
An unknown additional number of hacking attempts are successful, Schnitt said, adding that it was “an extremely small percentage” of accounts.
“If an unauthorized party has logged into your Facebook account, then you’re far from alone,” wrote Sophos’ Graham Cluley in a post about Facebook on Friday.
“Facebook ID theft” is a serious problem which lays the foundation for all manner of other cyber misbehavior. Recently, msnbc.com reported on a woman who sent $2,000 to a criminal, believing she was communicating with her sister through Facebook chat. Other common scams include criminals hijacking friends’ accounts and trying to talk users into coughing up money. Much cyberbullying also begins with compromised FB accounts. A woman recently contacted me complaining that her son’s account had been hacked and classmates had posted pornographic pictures.
“They changed his email address and his password; so my son could not get into his Facebook,” the woman, who asked that she not be identified to protect her son’s privacy, said. “Then they posted, more than once, pornographic pictures of men with a cut-out of my son’s face on it and posted it as his profile picture. My son is only 15 and those pictures were so terrible that he was embarrassed, humiliated, and devastated over them.”
It’s not hard to find similar stories about the dire consequences of Facebook login compromises. One key to solving the problem is making it easier for the rightful holder of hacked accounts to restore their access, and Trusted Friends should help considerably. Still, in a world where consumers are continually adding to the number of identities and imposters they need to worry about, 600,000 daily stolen or otherwise compromised Facebook credentials is not a welcome data point.