Facebook admits 1 in 4 chance your account will be compromised this year

Facebook compiles masses of private data in user accounts; 60K of them are hacked or corrupted every day


"Friend" means something very different on Facebook than in real life, NakedSecurity reminds us, just before pointing out that if yours is one of the 600K accounts compromised every day, it's likely that whoever took it over would also change who your trusted friends are, potentially blocking you from re-acquiring the account or making your friends vulnerable to serial attacks.

Multiply those 60,000 login failures by 365 days and Facebook is admitting that 219 million end user accounts are compromised every year. That's 29 percent of the 750 million accounts Facebook lists as active.

Estimate just half of those are hacks rather than login problems and you have 14.5 percent of all Facebook members at risk of data theft every year. That's 109 million accounts.

And remember, those aren't just pages of sarcastic comments and a few random friend pictures. They're accounts on which Facebook maintains as much as 800 pages of detailed information, including data it refuses to let users delete and data on customers' behavior that the customers never authorized anyone to collect.

There's no guarantee even an effective cracker could cut through the data profile to the 800 pages of metadata. Just having access to data users enter on purpose is problematic enough, especially as Facebook adds features like Apps Password that would give a bad guy who took over one account access to a range of others as well.

And a login failure rate of 29 percent? A hacking rate half of that? How many security specialists would be able to keep their jobs with that high a risk that user data would be compromised?

That may not be a concern at Facebook which – judging from its consistent policy of vacuuming up every bit of private data it can find while providing security for users about as effective as a damp paper safe – would probably regret data breaches only because each one represents the exposure of private data for which it had not been paid.

If the hacked data or compromised login is yours, though, your opinion might be a bit more harsh.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld.
