Facebook counts 600,000 compromised account logins per day

Did you know that 0.06% of Facebook’s daily logins are compromised? While 0.06% might not sound too bad, it actually adds up to over 600,000 compromised logins per day, or one every 140 milliseconds.

The rather disturbing statistic was confirmed in a Facebook blog post which touts a new security feature known as Trusted Friends (aka Guardian Angels).

The feature allows users to select three to five trusted acquaintances who can help restore access to an account in the case of a lost password or locked e-mail account.

Meaning, Facebook will send codes to your friends – who will then (presumably) pass them along to you.

However, as Sophos security researcher Graham Cluley cautions, Trusted Friends is certainly not without risk. 

“None of your friends on their own has enough information to access your account, as they are only sent a single code. But, of course, if your ‘trusted’ friends turned out to be untrustworthy and banded together they would – between them – be able to access your account.

“So you best be sure that you keep a close eye on who your trusted friends are (especially if you’re prone to falling out, or they think practical jokes are amusing), and be pretty confident that they are taking their own computer security seriously.”

Cluley also noted that anyone who compromises an account will likely change the “trusted friends” group almost immediately, rendering the whole security measure “kind of pointless.”

In addition to Trusted Friend, Facebook also introduced App Passwords, which allows users to log into third-party apps with a unique password that differs from a primary Facebook login. 

Cluley endorsed the new feature, noting that it was definitely a good idea not to use your Facebook login on other sites or apps.