Facebook hacking is rife and, if it happens to you, you are not alone. Unfortunately, there is no one to blame other than yourself. Facebook hacking is caused, in the vast majority of cases, by poor security practices and a lack of security awareness.

Facebook accounts get hacked because:

  • Passwords are stolen in phishing attacks
  • Two-factor account authentication is not used
  • Passwords are shared across multiple sites
  • Keyloggers have been installed on a computer used to access Facebook

If a hacker manages to obtain one password, chances are that same password is used on other sites. Criminals sell passwords online, and there are plenty of would-be purchasers; hackers even buy them on exchanges. Sharing passwords across sites is therefore very bad news, especially on sites that have poor security practices, since a breach of the weakest site exposes every account that shares the password.

Fortunately, on Facebook at least, if you are hacked you can report it easily and should be able to recover your account.

A blocked Facebook account does not necessarily mean you have been hacked!

Facebook does frequently block user accounts. It does this as a security precaution, which is good for all users and offers some peace of mind. How often are accounts blocked? About 600,000 times a day, according to TechCrunch!

That is an awful lot of compromised accounts, yet do bear in mind that Facebook has over a billion users. So 600,000 represents just 0.06% of the total, which is 6/10,000 if you prefer fractions to percentages.

When Facebook blocks an account, it is because the account has potentially been compromised. According to Facebook, this occurs when “we are not absolutely confident that the account’s true owner is accessing the account and we either pre-emptively or retroactively block access.”

This means that when there is suspicious activity, Facebook often errs on the side of caution and blocks access. That could indicate an account has been hacked, or that action is being taken to prevent the account from being hacked. The good news is that when this happens, only the real owner can get the account unblocked. In theory at least.

When the figures for the number of blocked accounts emerged, the story was widely misreported in the media. Facebook was accused of a “shocking lack of security,” but the compromised-account definition had not been read by many Facebook users, and even by some reporters. Also bear in mind that those 600,000 blocked accounts will include many false positives.

Determining exactly how many Facebook accounts have been hacked is rather difficult, unless you work for Facebook and have access to that data. It is possible, however, to come up with a fairly reasonable estimate based on research conducted by security and market research firms.

Take Statista’s figures for example. It conducted surveys of individuals who had been hacked, and 66% said they had had their Facebook accounts compromised. Then combine that with study data from Pew Research, which found that 22% of internet users “have had an email or social networking account compromised or taken over by someone else without permission.”

Using a simple calculation, an estimate can be obtained: there are 1 billion Facebook users, 22% of individuals claim to have had an account hacked, and Statista says 66% of those were Facebook accounts. That works out at 145 million users, which should be a fairly reasonable estimate.

Fortunately, Facebook security is robust. A mobile phone is required as part of the account recovery process, so you would need to have lost that as well in order for your challenge question to be used to log in. SSL certificates prevent network snooping, and brute-force attacks will be prevented by Facebook’s security controls. But phishing scams are likely to leave your account open, because none of those controls help when the victim hands over the password themselves.

Fortunately, there are ways that you can protect yourself, and your Facebook account.

It can be difficult to avoid phishing scams, and all too easy to fall for one. One of the best defenses is to use anti-spam software. SpamTitan’s software will prevent phishing campaigns from being delivered to your inbox. Parental controls at home, and web filtering controls at the office, are excellent ways of blocking malicious links.

Unfortunately, not all access points have the above controls, so you will have to rely on common sense and become more security aware. For example:

  • Never click on a link that appears to take you to an unfamiliar site.
  • Never open email attachments sent from unfamiliar senders.
  • Use different passwords – don’t share them between websites.
  • Use complex passwords, containing special characters, capitals, and numbers.
  • Don’t share everything about your life on social media.
  • Change passwords regularly, certainly every 6 months.
  • Don’t reuse passwords.
  • Keep your anti-spam, antivirus, and anti-malware programs updated, and scan regularly.
  • Set your account recovery options and security questions as if they were passwords.

And remember, just because you have friends and family on Facebook, don’t let that create a false sense of security. You can never be sure how security-conscious they are! Complacency is likely to leave you vulnerable to hackers.

If your Facebook account has been hacked, let us know. We want to hear your stories!