Facebook sees 600,000 compromised logins per day—0.06% of all logins

Facebook has released a statistic showing that fewer than one-tenth of one percent of logins into the social network are compromised. But since more than 1 billion Facebook logins occur each day, that could add up to 600,000 breaches every 24 hours.

Specifically, an infographic in an official Facebook post introducing new security tools states that “Only .06 percent of over 1 billion logins per day are compromised.” Security firm Sophos was intrigued enough by that statistic to post its own analysis.

“Put another way, that's more than 600,000 per day—or, if you really like to make your mind melt, one every 140 milliseconds,” Sophos technology consultant Graham Cluley writes. “If an unauthorized party has logged into your Facebook account, then you're far from alone.”

One thing we don’t know is how many accounts are actually compromised. Naturally, a single compromised account could have many unauthorized logins in a single day. Facebook claims 750 million active users, with half that number logging on each day.

Also, how Facebook defines a compromised account is not detailed. Cluley writes, “My deduction is that Facebook is talking about the phenomenon of users' accounts being accessed by spammers, and used to send messages out to their online pals. That's what I would call a ‘compromised account,’ and that's the 600,000+ a day I suspect.”

UPDATE: We contacted Facebook a few hours before this article was published, and have just received a response attributed to a Facebook spokesperson. Facebook acknowledged blocking roughly 600,000 logins per day, but argued that many of the compromised accounts are somehow compromised off of Facebook. "There may be compromised accounts that appear on Facebook, but more often than not they are compromised off of Facebook—they use the same password for email as Facebook, they get phished, etc.," Facebook said. In the data released this week, the word "compromised" is in reference to "logins where we are not absolutely confident that the account's true owner is accessing the account and we either preemptively or retroactively block access."

While many Facebook users see occasional spam pop up in their news feeds, Facebook says on a percentage basis its spam blockers are doing a bang-up job. While 89.1 percent of e-mail is spam, less than four percent of Facebook content is spam and only one-half of one percent of users see spam on any given day, the company says.

Facebook is trying to cut that number further, or at least prevent it from rising, with two new tools that will be tested in the “coming weeks.” One is called “Trusted Friends,” and lets you select three to five friends who can help if you ever have trouble accessing your account. Facebook compares it to leaving a house key with a friend.

“If you forgot your password and need to login but can't access your email account, you can rely on your friends to help you get back in,” Facebook said. “We will send codes to the friends you have selected and they can pass along that information to you.”

Another new feature targets spam issued from third-party applications by letting users select unique passwords for applications they’ve authorized to interact with their Facebook accounts.

“There are tons of applications you can use by logging in with your Facebook credentials,” the company notes. “However, in some cases, you may want to have a unique password for that application. This is especially helpful if you have opted into Login Approvals, for which security codes don't always work when using third party applications.”

App Passwords is already live for at least some users, as I was able to locate it under security settings in my own account. Trusted Friends doesn’t seem to have gone live yet.
