1 in 5 adults secretly access Facebook accounts that aren’t theirs

Every day about 600,000 Facebook accounts are illegally accessed by someone who isn’t the intended use of the account, according to the social media giant. But while you’re taking every measure to make sure hackers from the outside aren’t getting in, someone on the inside probably already has.

According to a new survey by the University of British Columbia, more than one in five adults admit they’ve secretly accessed the Facebook accounts of their friends, family members and/or romantic partners through the victim’s own computer or smartphone device without permission.

“It’s clearly a widespread practice,” Wali Usmani, a UBC computer science graduate student and co-author of the study said in a statement. “Facebook private messages, pictures or videos are easy targets when the account owner is already logged on and has left their computer or mobile open for viewing.”

READ MORE: filtertechnik.mobi

The survey polled 1,308 adult Facebook users and found that much of the snooping was out of simple curiosity or fun — for example, changing someone’s profile picture as a prank. However, some of those surveyed admitted to snooping out of jealousy or animosity.

The attackers didn't access any information on the remaining one million accounts. Here's how to find out if, and how badly, you were affected.

Facebook wouldn't comment on Thursday about the geographic breakdown of impacted users, but Rosen described the attack as having a "fairly broad" global impact. He also reiterated that Facebook hasn't found evidence that the attackers used stolen access tokens to compromise third-party accounts that incorporate Facebook's login scheme. Facebook released a tool to third-party developers last week that allows them to check whether any of their user accounts were compromised during this incident.

Facebook repeatedly emphasized its swift action in investigating and remediating the attack, but wouldn't elaborate on why it didn't take more precautionary steps between September 14 when it first identified suspicious traffic, and September 25 when the company had concluded that the activity was indicative of an attack, identified the vulnerability, and patched it. "There was a spike in activity, these things do happen, there is always variation in how Facebook is used over the course of any given day," Rosen said. "This was unusual which is what triggered this investigation and prompted us to dig and understand what was going on and eventually uncover that this was in fact a security issue."

Facebook says it hasn't seen evidence yet of the stolen data being abused in the wild, and the company now feels more confident in its assessment of what data was taken and which users were impacted. Rosen noted, though, that some aspects of the situation remain unknown. Facebook is continuing to investigate other ways that the hackers may have abused the platform, and hasn't ruled out the possibility that other attackers exploited the three bugs to launch similar assaults under the radar.