New figures from Facebook reveal how often the social networking site's users are hacked. In the blog post announcing the forthcoming “Trusted Friends” feature, Facebook also included an infographic detailing Facebook's security measures. One figure in particular jumped out at security researchers: every day, “only .06%” of Facebook's 1 billion logins are compromised. Or, to put it another way, 600,000 logins per day are compromised.
This tidbit was first noticed by Graham Cluley of Sophos, who apparently didn't ignore the infographic like the rest of us. (Marketers have ruined infographics for us – we're too often infographic-blind these days.)
Crunching the numbers, Cluley noted that 600,000 compromised logins per day means one compromised login every 140 milliseconds.
Facebook revealed the figure in a section explaining how it keeps spam at bay, as the majority of the time, Facebook accounts are hacked by spammers who send out messages to the victim's friends. (Who hasn't seen this? “Help, I'm in London and had my wallet stolen!”)
There were some other interesting numbers shared by Facebook, too, including:
- Less than 4% of the content shared on Facebook is spam (vs. 89.1% of email is spam)
- Less than 5% of Facebook users experience spam on any given day
- 50% of Facebook's 750+ million users log in to Facebook every day (wait, aren't we up to 800 million now? Must be an old infographic).
- The average user has 130 friends
- People spend over 700 billion minutes on the site per month
Update: We were curious about what Facebook really meant by “compromised” accounts, so we were glad to hear back from the Facebook PR team this afternoon with a clarification. First of all, Facebook wants it known that these accounts weren't hacked or compromised on Facebook itself; they are compromised off site, such as through phishing scams. (I think we all pretty much knew that, but there you go.)
And for the record, here's how Facebook is defining “compromised”:
Compromised in this sense refers to logins where we are not absolutely confident that the account's true owner is accessing the account and we either preemptively or retroactively block access.