Facebook says 600,000 account logins compromised every day

[Bearcat]

Facebook said this week that hackers using stolen username and password credentials try to break into at least 600,000 accounts every day on the mammoth social networking site. The revelation was buried in a new security announcement issued by the company on Thursday describing the virtues of its new "Trusted Friends" password restoration technique. UK-based computer security firm Sophos first noticed the data.

The Facebook blog entry includes an infographic explaining the success of the network's efforts to beat back spam, account hijacking, and other ills. In it, Facebook says that "only 0.06 percent of 1 billion logins per day are compromised." The site is able to precisely count the number of stolen or otherwise compromised logins because it challenges the would-be hackers with additional authentication questions, such as asking users to identify friends in pictures, said spokesman Barry Schnitt.

"(This means) 600,000 times a day, we stop a bad guy from getting access to an account even though he has guessed, phished, or stolen the login and password of an account," Schnitt said. "This is something we're very proud of." An unknown additional number of hacking attempts are successful, Schnitt said, adding that it was "an extremely small percentage" of accounts.

"If an unauthorized party has logged into your Facebook account, then you're far from alone," wrote Sophos' Graham Cluley in a post about Facebook on Friday.

"Facebook ID theft" is a serious problem which lays the foundation for all manner of other cyber misbehavior. Recently, msnbc.com reported on a woman who sent $2,000 to a criminal, believing she was communicating with her sister through Facebook chat. Other common scams include criminals hijacking friends' accounts and trying to talk users into coughing up money. Much cyberbullying also begins with compromised FB accounts. A woman recently contacted me complaining that her son's account had been hacked and classmates had posted pornographic pictures.
"They changed his email address and his password; so my son could not get into his Facebook," the woman, who asked that she not be identified to protect her son's privacy, said. "Then they posted, more than once, pornographic pictures of men with a cut-out of my son's face on it and posted it as his profile picture. My son is only 15 and those pictures were so terrible that he was embarrassed, humiliated, and devastated over them."

It's not hard to find similar stories about the dire consequences of Facebook login compromises. One key to solving the problem is making it easier for the rightful holder of hacked accounts to restore their access, and Trusted Friends should help considerably. Still, in a world where consumers are continually adding to the number of identities and imposters they need to worry about, 600,000 daily stolen or otherwise compromised Facebook credentials is not a welcome data point.

Source: http://redtape.msnbc.msn.com/_news/2...ised-every-day

---------- Post added at 09:06 PM ---------- Previous post was at 09:02 PM ----------

Facebook says that "only 0.06 percent of 1 billion logins per day are compromised."

I'm sure that makes the 0.06 percent feel so much better!

[luffy]

You know what is the real problem? It's your farking thing call "app". Why the hell do I have to "Let" some apps access my profile? Just go to hell already Facebook.
I'm not joking. Read this:
http://mashable.com/2011/01/17/facebook-app-permissions-security/

Die Facebook die.

[A Guy]

A security researcher has discovered a major security hole affecting the most popular social networking site, Facebook.

Basically, the researcher found a way to upload executable files — such as those most commonly used by malicious software — on the social network site for potential sharing. Needless to say that the potential for abuse by malicious attackers is pretty evident.

More details:

When using the Facebook ‘Messages’ tab, there is a feature to attach a file. Using this feature normally, the site won’t allow a user to attach an executable file. A bug was discovered to subvert this security mechanisms. Note, you do NOT have to be friends with the user to send them a message with an attachment.

[url=http://www.zdnet.com/blog/security/security-researcher-finds-major-security-flaw-in-facebook/9704?tag=nl.e589]Source

A Guy

[BigGuy]

Thank you for the news Uncle Bear. I am on FB with some friends, but we are careful.

[Bluedot]

Same thing happened when somebody created a fake profile of my friend and started posting crap in her name. Although, thankfully, it is deleted now. I'm not sure whether Facebook reacted to the reports made against it or the faker (which happened to be her classmate) deleted the account out of apprehension that I would tear him apart by the limbs if I got my hands on him.

[Bearcat]

Thank you for the news Uncle Bear. I am on FB with some friends, but we are careful.

Good for you Buddy! Keep up the good work!


@ Bluedot Sorry to hear about that mate. I wouldn't be very happy with the jerk who did that either!!!

[Code No.47]

facebook nowadyas getting more and more security problems...

[Bearcat]

facebook nowadyas getting more and more security problems...

Unfortunately that is true.

[JayCub]

The problem is these days if it's popular it will encourage alot of idiots to try and break it... MS Apple are no exception, as is most popular software and films... the attack may be different, but it's a sign of the times unfortunately, im not a fan of FB, but it must be a battle for them to fend off such attacks...