600,000+ compromised account logins every day on Facebook, official figures reveal

Graham Cluley

If an unauthorised party has logged into your Facebook account, then you’re far from alone.

New official statistics released by the social networking giant reveal that 0.06% of the more than a billion logins it sees each day are compromised.

Put another way, that’s more than 600,000 per day – or, if you really like to make your mind melt, one every 140 milliseconds. (By comparison, a blink of the eye takes 300-400 milliseconds.)

Snippet of Facebook security infographic


The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting new security features introduced by the firm.

The new security features include Trusted friends (called “Guardian angels” in the infographic).

Facebook says that you will be able to nominate three to five “trusted” friends who can help you if you have a problem accessing your account – if, for instance, someone else has changed its password and locked you out of your email account. The idea is that if you need to log in to Facebook but can’t access your email account, Facebook will send codes to your friends that they can pass on to you.

Trusted friends on Facebook

(BTW, nice middle names you’re using there, Facebook)

None of your friends on their own has enough information to access your account, as they are only sent a single code. But, of course, if your “trusted” friends turned out to be untrustworthy and banded together they would – between them – be able to access your account. So you best be sure that you keep a close eye on who your trusted friends are (especially if you’re prone to falling out, or they think practical jokes are amusing), and be pretty confident that they are taking their own computer security seriously.

Oh, and it might be an idea to remind yourself what the word “friend” actually means, as history has shown that many Facebook users have a very different idea of what a “friend” is from the rest of the world. :)

Another thought occurs to me – if a bad guy has taken over your Facebook and email account, isn’t it likely that he will also change who your trusted friends are at the same time? Wouldn’t that make the whole security measure kinda pointless?

Another new announcement is App Passwords – meaning that you will no longer have to log into Facebook apps with the same credentials that you use for your Facebook account. It’s certainly a good idea not to use your Facebook password with anybody other than Facebook – so it’s good to hear that Facebook will be offering this new privacy option.

App specific passwords

However, it’s not hard to predict that the only people who use such a feature might be those who are already very aware of privacy issues, rather than the great unwashed majority on Facebook.

Facebook security infographic

Facebook’s infographic is too long and thin to properly embed on the Naked Security site, so here’s a link to where you can download a version for yourself.

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks.

Join the Sophos page on Facebook, where over 140,000 people regularly share information on threats and discuss the latest security news.

What are your experiences of spam, malware, scams and cybercrime on Facebook? Is Facebook doing enough to make their social network a safer environment?



Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.
