Facebook stops 600,000 suspicious log-ins a day

Following the release of an infographic that created some confusion over the use of the term "compromised," Facebook elaborates on its process for blocking suspicious log-ins.

Elinor Mills
Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
2 min read
This section of a larger Facebook security infographic indicates that .06 percent of about one billion daily logins are blocked, although the use of the word "compromised" has created some confusion.
This section of a larger Facebook security infographic indicates that .06 of approximately 1 billion daily log-ins are blocked, although the use of the word "compromised" has created some confusion. Facebook

Facebook released an infographic blog post yesterday that says about 600,000 log-ins per day are compromised. That's given some the false impression that there are that many accounts compromised every day.

I asked Facebook to elaborate and was provided with this statement:

While Facebook does block (approximately) 600,000 log-ins per day, it is not that these Facebook accounts are compromised on Facebook, and certainly not that they're 'hacked' as some have written. There may be compromised accounts that appear on Facebook, but more often than not they are compromised off of Facebook--they use the same password for e-mail as Facebook, they get phished, etc. Compromised in this sense refers to log-ins where we are not absolutely confident that the account's true owner is accessing the account and we either preemptively or retroactively block access. We are being preventative and helping make sure people secure their account even if they aren't actually compromised on Facebook.

After some follow-up questions I learned that so-called "retroactive blocks"--which actually sound more like post log-in shutdowns, but who wants to quibble?--"tend to occur immediately after we detect anomalous activity, which may be at the point of log-in or after the compromised account exhibits malicious/unusual behavior. Unfortunately, I do not have a breakdown of pre- vs post-blocks," a Facebook spokesman said.

Some of the suspicious log-ins may be malicious actors trying to break in, but many are legitimate log-ins by the account holder who is using a computer infected with malware. "In this case, we will preemptively block the account and ask the user to scan and repair their machine before we allow them back on the site," the spokesman said.

An undisclosed number of those 600,000 log-in cases may involve accounts that are already compromised and Facebook will likely block the account after discovering that.

So, how many accounts are compromised a day? The Facebook spokesman said he does not have statistics for that.

Meanwhile, if your account does get hijacked, you can get it back by using a new Trusted Friends feature that was announced yesterday along with the security infographic. It lets you select three to five friends who can be trusted to help get access to a hijacked account. Facebook will send secret codes to them and they can then share them with you.