
Facebook Sees 600,000 Compromised Logins Daily

The social networking site is implementing a new security measure that uses friends to its benefit.

November 1, 2011

 

In a recent , the social networking company let the world know it faces approximately 600,000 security threats per day in the form of "compromised" logins. That's a mere 0.06 percent of the 1 billion logins the site sees per day, although it's still a sizable number.

While some will refer to these security breaches as "hacks," Facebook doesn't classify the compromised logins that way.

"A 'compromised login' means the person logging in knows the username and password for an account, but we suspect they may not be the actual account holder," according to Fred Wolens, a public policy representative from Facebook. "Basically, knowing someone's username and password is not enough to get into their Facebook account if we are not confident that the person accessing the account is its rightful owner. It may be more accurate to say 600k accounts 'saved' per day," Wolens explained via email.

"Every time this happens, we don't let the suspicious login into the account, and instead make them pass some additional authentication challenge. Often this involves a 'social Captcha,' which authenticates the account owner by having them identify pictures of their friends," Wolens added. "Accounts are often compromised outside the Facebook ecosystem (via phishing, malware, sharing their password with a site that was compromised, etc.), and the fact we are able to block so many of these suspicious logins is a testament to our work here." 

It's bad enough that another person might access your account and wreak havoc on your friends or steal your personal information, but it's also possible that the perpetrator could change your password and lock you out.

In any event, Facebook's response has been to implement new security measures, one of which plays to the site's social strengths. Called Trusted Friends, one of the new features will let users name up to five "trusted friends" who, in the event the user gets locked out of his or her account, will receive a code that can be passed on to the user to authenticate the account and identity.

The analogy Facebook is using is: It's like giving a copy of your house key to a close friend or family member. It's a failsafe measure that works when you've forgotten your password (or a malicious person has changed the password on you) and you can't access your email to reset the password yourself. When that happens, Facebook can send a code to your trusted companions who can pass it along to you by some other means, like via phone or text message.