One in five adults secretly access their friends' Facebook accounts

UBC computer scientists: 24 per cent of adults have snooped on the Facebook accounts of their friends, partners or family members.

Most people are concerned about the prospect of their social media accounts being hacked, but a new study finds that it’s actually people we know who frequently access our accounts without our permission.

In a survey of 1,308 U.S. adult Facebook users, University of British Columbia computer scientists found that 24 per cent had snooped on the Facebook accounts of their friends, romantic partners or family members, using the victims’ own computers or cellphones.

“It’s clearly a widespread practice,” said UBC computer science graduate student Wali Ahmed Usmani, author of the study. “Facebook private messages, pictures or videos are easy targets when the account owner is already logged on and has left their computer or mobile open for viewing.”

People admitted to spying on their friends, family, and romantic partners out of simple curiosity or fun—for example, setting a victim’s status or profile picture to something humorous. But other motives were darker, such as jealousy or animosity.

“Jealous snoops generally plan their action and focus on personal messages, accessing the account for 15 minutes or longer,” said computer science professor Ivan Beschastnikh, a senior author on the paper. “And the consequences are significant. In many cases, snooping effectively ended the relationship.”

The findings highlight the ineffectiveness of passwords and device PINs in stopping unauthorized access by insiders, added electrical and computer engineering professor Kosta Beznosov, the paper’s other senior author.

“There’s no single best defense—though a combination of changing passwords regularly, logging out of your account and other security practices can definitely help,” said Beznosov.

The research was was funded by the Office of the Privacy Commissioner of Canada and prepared in collaboration with researchers at the University of Lisbon. It will be presented in May at the Association for Computing Machinery’s Conference on Human Factors in Computing Systems.

There’s no single best defense. A combination of changing passwords regularly, logging out of your account and other security practices can help.