
Bitdefender Blog

When two plus two equals three. How grim is the Facebook account hijacking picture?

by , on 01 November 2011

Last week Facebook published a fascinating info-graphic on its security and anti-spam measures, as well as the size of the Facebook account hijacking phenomenon.

The most interesting figure was the share of Facebook logins that are hijacked: 0.06% of the 1 billion daily logins are reported as compromised. That is 600,000 illicit logins per day, a number dark enough to make account hijacking the platform's top security concern.

But the figure may be misleading. While there's no denying that account hijacking is a pervasive social-network plague, it's too early to give up hope. The details of the story, in particular the fact that logins are not synonymous with accounts here, help keep our feet firmly on the ground.

Time for some math. Facebook has about 800 million active users, half of whom log on every day. That works out to 2.5 logins per daily user on average (1 billion logins divided by 400 million users). However, it's not clear what the infographic's authors mean by one login. It may be a new session (the user logged out, then logged back in to his/her account) or any access after a period of inactivity (the user returns to the account several times during the day without ever logging out).

Some users stay logged in all day on the same device. That's one day, one session and one login each. Other people access Facebook several times from multiple devices, and we may assume that each access counts as a login. Since a login count does not map one-to-one onto unique users or accounts, the actual number of hijacked accounts may well be smaller than the 600,000 login figure suggests.

Account hijacking methods and detection routines further inflate this figure. First, hijacking detection algorithms have a threshold: several suspicious logins must take place on the same account before a block is triggered, and each of those logins is counted.

Second, accounts are often hijacked by means of one or more fishy apps. Each such application may access the same account from multiple web locations, since scammers run them from compromised servers, and compromised servers get taken down and replaced.

Third, scammers exchange compromised accounts on black markets, which easily explains why there may be multiple fake logins on the same compromised account.

Fourth, false positives are difficult to keep track of. In other words, users will sometimes be asked to reset their passwords as a precaution, even if nothing wrong actually happened to their account.

Bottom line: statistics must be taken with a grain of salt. There is no perfect detection algorithm, and the number of detected hijacked logins may differ from the number of actual, unique hijacked accounts. From this point of view, an estimate of how many duplicate logins fall on the same hijacked account would help us better understand how account hijacking happens and how it can be prevented.
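The arithmetic above, and the four reasons flagged logins overcount unique hijacked accounts, can be made concrete by collapsing flagged-login events onto accounts. The following is an added example written for this post, not Facebook's detection code or any data from the infographic: the event layout, the block threshold of three flagged logins, the false-positive rate and the sample events are all assumptions chosen for illustration.

```python
"""Collapse flagged-login events into unique hijacked accounts.

Added example; not Facebook's detection logic. The record layout,
the block threshold and the sample events are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlaggedLogin:
    """One login an anomaly rule flagged (assumed record layout)."""
    account: str     # account the login targeted
    source: str      # origin: a source IP or an app identifier
    confirmed: bool  # True once the owner confirmed the login was not theirs


# Constructed sample events, not real Facebook data. The comments map
# each cluster onto one of the overcounting causes discussed above.
SAMPLE_EVENTS = [
    FlaggedLogin("acct-A", "203.0.113.7", True),
    FlaggedLogin("acct-A", "203.0.113.9", True),
    FlaggedLogin("acct-A", "198.51.100.4", True),  # rotated compromised server
    FlaggedLogin("acct-A", "app-spam-1", True),    # fishy app hitting the same account
    FlaggedLogin("acct-B", "198.51.100.4", True),
    FlaggedLogin("acct-B", "192.0.2.21", True),    # account resold on a black market
    FlaggedLogin("acct-B", "192.0.2.22", True),
    FlaggedLogin("acct-C", "192.0.2.50", False),   # false positive: owner travelling
    FlaggedLogin("acct-D", "203.0.113.7", True),
    FlaggedLogin("acct-D", "203.0.113.7", True),   # below threshold: not blocked yet
]


def logins_per_daily_user(daily_logins, active_users, daily_fraction):
    """Average logins per user among the users who log in on a given day."""
    return daily_logins / (active_users * daily_fraction)


def summarize(events, block_threshold=3):
    """Group flagged logins by account and derive per-account figures."""
    by_account = defaultdict(list)
    for ev in events:
        by_account[ev.account].append(ev)

    flagged_accounts = len(by_account)
    # Blocking only fires once an account crosses the threshold; every
    # flagged login before that still counts in the headline number.
    blocked = sorted(a for a, evs in by_account.items()
                     if len(evs) >= block_threshold)
    # An account with no confirmed-malicious login is a false positive.
    false_positives = sorted(a for a, evs in by_account.items()
                             if not any(ev.confirmed for ev in evs))
    return {
        "flagged_logins": len(events),
        "flagged_accounts": flagged_accounts,
        "blocked_accounts": blocked,
        "false_positive_accounts": false_positives,
        "confirmed_hijacked_accounts": flagged_accounts - len(false_positives),
        "logins_per_flagged_account": len(events) / flagged_accounts,
    }


def estimate_unique_hijacked(flagged_logins, logins_per_account, false_positive_rate):
    """Scale a headline flagged-login count down to unique hijacked accounts.

    Both scaling factors are assumptions a reader would substitute from
    their own data; the point is that the headline count divides, it
    does not map one-to-one onto accounts.
    """
    return flagged_logins * (1 - false_positive_rate) / logins_per_account


if __name__ == "__main__":
    print("logins per daily user:", logins_per_daily_user(1e9, 800e6, 0.5))
    print(summarize(SAMPLE_EVENTS))
    print("unique hijacked (assumed 2.5 logins/account, 10% FP):",
          estimate_unique_hijacked(600_000, 2.5, 0.10))
```

On the sample, ten flagged logins collapse to four flagged accounts, only two of which cross the block threshold and one of which is a false positive, so three accounts were actually hijacked. Applied to the headline figure with the same assumed ratio, 600,000 flagged logins would correspond to roughly 216,000 unique hijacked accounts; the real divisor is whatever the detection logs show.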

On Nov.7.2011 13:35

richard said

I found your site about 2 weeks ago when I was struggling to get rid of a virus. I have learned a lot! (even though some of it is over my head) I got a lot of great help here, and at this website:
