Social Enterprise

Facebook's security woes: 600K accounts compromised per day

Kara Reeder reports on the latest security mishaps from the Facebook camp.

With more than 800 million active users, there's no shortage of people looking for loopholes in the social network. The latest vulnerability has been discovered by Nathan Powers, who works for technology consultancy CDW. Powers has discovered a way for a user to send an executable file to another user who is not their friend. The risk, as Computerworld points out, is that "a hacker [could] send, for instance, a keylogging program to another user in a kind of spear-phishing attack."

Facebook's Security Manager Ryan McGeehan is downplaying the flaw, noting that "an additional layer of social engineering" would be required for the scam to work.

Security issues are nothing new for Facebook. In fact, as msnbc.com reports, buried deep in a recent security announcement, Facebook revealed that 600,000 accounts are compromised every day. Of course, Facebook put a different spin on it, saying "only 0.06 percent of 1 billion logins per day are compromised." Still, 600,000 a day is nothing to scoff at as hijacked Facebook accounts lay the foundation for a number of misbehaviors, including cyberbullying and scams designed to trick unsuspecting users into coughing up money.

Editor's Note: Facebook has clarified what they mean by "compromised." According to TechCrunch:

Facebook wants it known that these accounts weren't hacked or compromised on Facebook itself, they are compromised off site, such as through phishing scams, for example.

Facebook blocks access to accounts when they have reason to believe someone other than the true owner is trying to access it. Here is Facebook's original infographic (PDF), which includes the numbers cited (.06% of 1 billion logins per day).

15 comments
WoodyM

I guess being lazy isn't the only reason for not having a Facebook account.

pfeiffep

The number quoted is correct according to the articles I read, but the active word should have been ATTEMPTS. The salient question is "If FB foils 600,000 attempts daily, how many successes are logged?"

TechFan33

Facebook has repeatedly shown their indifference to security. In order to not lose control of my Facebook account (or any account really) I started using a hardware-based password manager that eliminates the attacks from multiple fronts. https://mylok.ii2p.com/

kevin

In fact, take a look at the very name. FACE BOOK. With more than 500 million facial recognition photos already in their database it should be obvious to anyone with half a brain that the original intention for the creation of "Facebook" was to create this database. That in itself is a security and privacy infringement. Where is 'Homeland Security' during all of this? Probably standing in line to place a bid on the content of this database. Just another example of how stupid the general population is in America.

jcw002

Let's see what happens tomorrow.

brettwar

The same people who get hacked are the same as always.... Kids who accept every Tom, Dick and Harry with no regard to who they are.... People who click everything from unknown email attachments to links, and #3 those who download pictures, music, or whatever with no regard to what it is and always have the password the same as their name.. This is the same always and usually 99% of the people who are hacked is for the reasons above.

douglas.jefferey

You can't always throw blame at Facebook or some other programs for being at fault, it's called "Social Engineering" and if you send someone a link that says click here to see the woman/guy of your dreams... most infections are caused by this more than anything, some people will just click or open anything and not think twice about it. If you give the keys to the kingdom to anyone before educating them, what's the point of even worrying about spyware/virus/bots/DDoS and so on... But I do think Facebook should have an agent that scans external links for viral activity or possible infections or scan them and give the user the option to say yea or nay if they want to proceed, and if they do it's at their own discretion at that point.

wethecom

Yes, this is a crap post compared to the real vulnerabilities it has and how anyone can steal anyone's account with their "ask 3 friends to verify you" when they could be your bots doing the verifying....

jkameleon

EVERY Facebook account is compromised. By Facebook.

Gisabun

The majority of these who have 600,000 compromised accounts are the same ones who will open attachments from people they don't know, click on links from those they don't know or use passwords like "123456" or "Password".

regsrini

You have gotten two key facts wrong here. 1. Facebook has 800 million users, and not 800,000 million. 2. Ryan McGeehan reported that hackers "TRY" to break into more than 600,000 FB accounts. He never said that those many accounts were actually "COMPROMISED". Once you get these out of the way, the entire premise of your post goes for a toss. While security is an issue with Facebook, it certainly isn't as bad as you are making it out to be. Don't compromise on facts just to get your posts out, PLEASE.

Gisabun

I don't think Homeland Security cares about hacked Facebook accounts. Your title says something but you never mention much about it in the body of your message. You can't blame Facebook when individuals use simple passwords. They ignore the meter strength of their password thinking that nobody would hack them.

AnsuGisalas

but the premise of FB seems to be to seamlessly broadcast information about the user to as wide an audience as possible... So all stops are off by default.

eric.schell

You really ought to learn to compose a sentence using words of ordinary English.

MichP

The Facebook statement says how many *logins* per day are compromised. It seems like a jump to me to say 1 login = 1 account.