/ TitanHQ Blog
/ Web Security Threat as 145 Million Facebook Accounts Hacked!
Posted by Geraldine Hunt on Mon, Mar 9th, 2015
Increasingly aspects of Facebook are presenting a sigificant web security threat for businesses. With the number of Facebook accounts being hacked on the increase,it's important point out there are precautions you can take. A simple one is implementing two factor authentication. One of the most common ways passwords are stolen is via a phishing attack. Hackers try stolen password on multiple sites hoping for sloppy security practises. These passwords are sold to hackers on exchanges which is big business.
Facebooks definition of “compromised logins”
TechCrunch says that Facebook has 600,000 compromised logins per day, which seems like a large number but is a mere 0.06% or 0.0006 or 6/10,000 of Facebook’s 1 billion accounts. The Facebook definition of “compromised logins” is not what you think. Facebook says these are accounts that have blocked because “we are not absolutely confident that the account’s true owner is accessing the account and we either pre-emptively or retroactively block access”. So if these accounts were blocked that does not mean they were hacked. They were blocked before they could be hacked. Or they were hacked and then blocked. Either way the hacker has no access now.
One the day that Facebook released that statistic, most news sites incorrectly reported that these account were hacked, because they did not read Facebook’s definition of “compromised.” Some called it a “shocking lack of security” when it in fact it shows that the Facebook system is working to stop hackers, at least 0.06% of the time. Some of those numbers too would be false positives.
How many Facebook accounts get hacked?
That number is not readily available since only Facebook has that information and they have not said. But you can extrapolate from surveys to estimate this figure. Of the people who had hacked accounts in the UK, 66% of those hacks were Facebook, according to statista. Pew Research in 2013 said that 22% of “internet users have had an email or social networking account compromised or taken over by someone else without permission.”
So, 1 billion Facebook users x 22% of whom had at least one account attacked x 66% of those accounts were Facebook = 145 million people have had their Facebook account taken over at some point. Granted that’s a very rough estimate but it’s a plausible extrapolation.
How do hackers get access to these accounts?
There is basically only three ways:
- Phishing links to look-alike Facebook pages where people are tricked into entering their credentials which are then stolen.
- Using passwords bought from other hackers and trying them on Facebook.
- Keyboard recorder viruses.
Facebook uses cell phones for account recovery, so it is not possible to guess the answer to someone’s challenge response questions and login that way. The site now also uses SSL so that someone snooping the network could not read your password when you type it in. And brute force is not possible, since repeated tries would create a “compromised” account.
How to protect your Facebook account
Antispam software like SpamTitan will stop phishing attacks before they reach your email inbox. But if you are on the Facebook site and click a link there, you would just have to look at where you are clicking. If you are in an office and behind some kind of web filtering software, the site might be blocked because it is blacklisted or the filtering software might detect a phishing attack. But if you are at home or a public hotspot, where there is no filter, then you just need to pay attention to where you click and look closely at the URL to make sure it is not a Facebook fake or other phishing site.
So even though social media makes us feel as if we are operating in a safe and secure environment by sharing with friends and family, it is potentially making you very vulnerable to hackers – unless you take extra precautions. We have put together a few easy to do suggestions to get you started:
Social Networking Security Tips
Here are some very simple social networking security tips to keep in mind:
1. Don’t share everything about your life on social networks.
2. Use strong complex passwords incorporating case variety, letters, numbers and symbols.
3. Configure and check your profile security setting regularly
4. Treat the answers to security questions as additional passwords - using the passwords guidlines above.
5. Ensure all anti virus, anti spam and web filering solutions and operating system up-to-date.
If you’ve ever had your Facebook account hacked tell us about it?