Facebook blasts claims 600,000 accounts compromised a day

The social network says 600,000 accounts are not hacked every day, after figures cause confusion.

Facebook

Facebook has rebuffed claims 600,000 accounts on the social networking site are accessed every day by unauthorised parties.

Sophos senior technology consultant Graham Cluley extrapolated official figures from Facebook that said ".06 per cent of over one billion logins per day are compromised."

"Put another way, that's more than 600,000 per day - or, if you really like to make your mind melt, one every 140 milliseconds," Cluley said in a blog post.

While Facebook does block (approximately) 600,000 log-ins per day, it is not that these Facebook accounts are compromised on Facebook.

However, Facebook denied the claims, saying 600,000 login attempts were blocked every day. Whenever Facebook deems an attempt to login as dubious, it asks the user to go through further security processes. If the user fails to pass these, access is blocked.

"While Facebook does block (approximately) 600,000 logins per day, it is not that these Facebook accounts are compromised on Facebook, and certainly not that they're 'hacked' as some have written," a Facebook spokesperson said.

"There may be compromised accounts that appear on Facebook, but more often than not they are compromised off of Facebook - they use the same password for e-mail as Facebook, they get phished, etc. Compromised in this sense refers to logins where we are not absolutely confident that the account's true owner is accessing the account and we either preemptively or retroactively block access."

Security updates

The revelation came on the same day Facebook launched a host of additions designed to improve security on the site.

The Trusted Friends feature allows those locked out of their email and Facebook accounts to get back onto the social network. In such a scenario, selected contacts are sent a code that can be handed to the victim to let them back into their Facebook account.

App Passwords means users can add passwords to certain third-party applications.

HTTPS can now also be turned on permanently as Facebook looks to up its security game.

Earlier this year, the social networking giant opened up a bug bounty hunter scheme.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Cyber criminals bypassing MFA to access cloud service accounts
two-factor authentication (2FA)

Cyber criminals bypassing MFA to access cloud service accounts

14 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021