Facebook is one of the most popular social media platforms in the world, with over 2.8 billion monthly active users as of Q3 2020. However, with immense popularity comes increased threats of hacking and data breaches. So how many Facebook accounts actually get hacked on a daily basis?
Facebook accounts contain sensitive personal information like photos, messages, location data, and sometimes even financial information through Facebook Pay. A hacked Facebook account can enable cybercriminals to steal identities, commit fraud, spread malware, and more. Even seemingly harmless hacked accounts can be used to send spam or scam links to friends in your network.
Facebook has strong security measures in place to protect user accounts, including login approvals, two-factor authentication, and AI detection of suspicious activity. However, hackers are always devising new ways to break into accounts by exploiting vulnerabilities or tricking users into giving up login credentials.
Estimating the number of daily Facebook account hacks is difficult, as many incidents may go unreported by users or undetected by Facebook. However, we can extrapolate based on available statistics on hacking and Facebook’s user base to get a sense of the scale.
Number of Facebook Users
As of the third quarter of 2020, Facebook reported having 2.8 billion monthly active users worldwide. This includes users across Facebook’s family of apps:
- Facebook: 2.5 billion monthly active users
- Messenger: 1.3 billion monthly active users
- WhatsApp: 2 billion monthly active users
- Instagram: 1.2 billion monthly active users
With billions of accounts spread across its platforms, Facebook has an immense user base that cybercriminals seek to exploit. Even compromising a tiny fraction of accounts can be profitable for hackers.
Cybercrime Statistics
Some statistics on cybercrime help set the stage:
- The global cost of cybercrime is estimated at around $6 trillion in 2021, up from $3 trillion in 2015.
- There were 1.56 billion victim cybercrime incidents globally in 2020.
- Around 37% of data breaches compromise account credentials through hacking.
- 81% of hacking-related breaches leveraged stolen or weak passwords.
- 34% of global consumers have had an online account compromised.
While not Facebook-specific, these numbers indicate how widespread and costly cyberattacks are across industries and platforms. Where personal data exists, hackers will seek to exploit it.
Facebook Account Hacks
Turning directly to Facebook, statistics on account hacks include:
- Around 50,000 Facebook accounts are compromised each day, based on public comments by Facebook’s former Chief Security Officer Alex Stamos in 2013.
- An estimated 120 million Facebook accounts were compromised in a data breach in 2019 according to cybersecurity firm Comparitech.
- Facebook reported 54,000 cases of potentially unauthorized access to accounts in the first half of 2018.
- 878 million account login credentials were offered for sale on the dark web and hacker forums in 2021.
These figures indicate hackers have been successful at compromising millions of Facebook accounts through credential stuffing, phishing, malware and other techniques. While concrete numbers are elusive, a fair estimate based on available data could be anywhere from 20,000 to 60,000 compromised accounts per day.
Account Hacking Methods
Hackers employ diverse tactics to gain access to Facebook accounts, including:
Credential Stuffing
This method uses lists of leaked usernames and passwords from previous data breaches to brute force access Facebook accounts. If users reuse the same credentials across sites, exposed login details can be plugged into Facebook to break in.
Password Leaks/Guessing
Related to credential stuffing, hackers can guess weak or previously exposed passwords to access Facebook accounts. Lists of commonly used passwords help hackers gain access.
Phishing
Phishing tricks users into entering their Facebook login credentials into fake login pages that look identical to the real Facebook site. Spear phishing targets individual users.
Malware/Spyware
Malicious software downloaded onto a user’s device can steal Facebook login credentials entered and send them back to hackers remotely.
Session Hijacking
Hackers can compromise active Facebook sessions by intercepting login tokens that allow them to access accounts without reentering credentials.
Social Engineering
Manipulating Facebook users via psychological tricks to voluntarily give up their login info or click malicious links leading to credential theft or malware installation.
SIM Swapping
Porting a victim’s phone number to a SIM card controlled by hackers, enabling password reset via two-factor authentication text messages.
These and other clever techniques allow hackers to scale attacks across millions of accounts efficiently. Basic password hygiene and enabling two-factor authentication makes accounts much harder to hack through these methods.
Most Targeted Countries
Facebook account hacking is a global phenomenon, but some countries see higher volumes of attacks and compromised accounts. According to Kaspersky Lab data, the countries most targeted by social media hackers include:
| Country | Share of Attacks |
|---|---|
| Brazil | 14.51% |
| India | 10.11% |
| Indonesia | 6.88% |
| Egypt | 6.11% |
| Vietnam | 5.95% |
These developing digital economies present ripe targets with less cybercrime awareness among users. However, Facebook account hacking impacts mature markets as well.
Most Targeted Industries
Certain industries tend to be more heavily targeted in account hacking campaigns:
- Financial services – Attractive access to banking data and accounts.
- Government – Espionage and data extraction motivations.
- Healthcare – Valuable personal data for identity theft.
- Media/entertainment – Spreading fake news or infiltrating accounts.
- Retail/e-commerce – Access to financial and personal data.
Hackers follow the most valuable data across sectors. Large volumes of personal information concentrated in any industry represent hacking motivations.
Account Uses After Hacking
Once Facebook accounts are compromised, hackers leverage them for diverse criminal purposes:
- Financial fraud – Requesting money from friends, fraudulent advertising, redirecting payments.
- Spreading malware – Posting links leading to malware downloads.
- Spam messaging – Marketing illegal products or services.
- Cryptojacking – Using accounts to mine cryptocurrency.
- Sextortion – Threatening to expose private photos to contacts.
- Fake news – Spreading misinformation and propaganda.
- Reconnaissance – Profiling connections to support other hacking activity.
The personal nature of Facebook account data makes it valuable for identity theft, fraud, and social engineering attacks that rely on exploiting relationships and reputation.
How to Avoid Facebook Account Hacks
While Facebook account hacks will likely continue, individuals can take steps to minimize their risks:
- Use strong, unique passwords on Facebook and elsewhere.
- Enable two-factor authentication.
- Avoid clicking suspicious links or attachments.
- Be wary of Facebook messages/friend requests from unknown accounts.
- Monitor Facebook settings and notifications for signs of unauthorized access.
- Limit sharing of personal data on Facebook to only those you know.
Organizations should implement social media security policies, educate employees on risks, and leverage identity and access management tools to secure corporate Facebook accounts.
Facebook Security Measures
For its part, Facebook deploys advanced security systems to detect suspicious activity and mitigate hacking risks, including:
- AI and machine learning to spot phishing sites and posts.
- Automated and manual review of high-risk activity.
- Hacker financial bounty programs.
- Monitoring sites with stolen credential lists.
- Email/SMS login code security measures.
However, hackers adapt quickly and no security is ever foolproof. Users should remain cautious when engaging on social platforms, especially those with sensitive personal connections like Facebook.
Conclusion
Based on available data, an estimated 20,000 to 60,000 Facebook accounts are likely compromised through hacking methods each day. These account takeovers enable various types of cybercrime from fraud to identity theft, making Facebook a prime target. While Facebook itself undertakes extensive security protections, users ultimately bear responsibility for being cautious in their account behavior and settings. Avoiding common pitfalls like weak passwords and phishing can go a long way towards preventing becoming a victim of this daily onslaught of Facebook account hacking.