Most people are concerned about the prospect of their social media accounts being hacked, but a new study finds that it’s actually people we know who frequently access our accounts without our permission.

In a survey of 1,308 US adult Facebook users, University of British Columbia researchers found that 24% – or more than one in five – had snooped on the Facebook accounts of their friends, romantic partners or family members, using the victims’ own computers or cellphones.

“It’s clearly a widespread practice. Facebook private messages, pictures or videos are easy targets when the account owner is already logged on and has left their computer or mobile open for viewing,” Wali Ahmed Usmani, study author and computer science master’s student said in a release.

People admitted to spying on their friends, family, and romantic partners out of simple curiosity or fun—for example, setting a victim’s status or profile picture to something humorous. But other motives were darker, such as jealousy or animosity.

“Jealous snoops generally plan their action and focus on personal messages, accessing the account for 15 minutes or longer,” said computer science professor Ivan Beschastnikh, a senior author on the paper.

“And the consequences are significant: in many cases, snooping effectively ended the relationship.”

The findings “highlight the ineffectiveness” of passwords and PINs in stopping unauthorized access by insiders, added electrical and computer engineering professor Kosta Beznosov, the paper’s other senior author.

“There’s no single best defense—though a combination of changing passwords regularly, logging out of your account and other security practices can definitely help,” said Beznosov.

Characterizing social insider attacks on Facebook was funded by the Office of the Privacy Commissioner of Canada and prepared in collaboration with researchers at the University of Lisbon.