Online social networks have billions of users worldwide when combined and they still keep increasing this amount. Their users typically develop trust relationships with the accounts of other users. But large numbers of users and potential gains from abuses of the trust relationships have attracted the attention of cyber-criminals. Therefore, it is important to stop accounts from being compromised by these criminals. In this paper, an anomaly model trained on the previous login data of users is applied to detection of compromised accounts. The login data comes from the Pokec online social network, which is the largest community in Slovakia where people can meet others and talk to their friends. The anomaly model watches sudden changes in the behavior of a user trying to log in to her or his account. A change in the behavior can indicate an attempt from someone else to compromise the account of the user. The efficiency of the anomaly model is validated with computation of measures such as sensitivity, specificity and overall accuracy. Achieved results are promising with a real potential to detect compromised accounts.