Facebook now actively seeks password leaks to protect its users

Sponsored Links

Mariella Moon
October 17th, 2014
In this article: facebook, security
Facebook now actively seeks password leaks to protect its users

Facebook knows that password leaks endanger its users, even if it's another website that's been hacked, because people tend to reuse their log-in credentials (remember that recent Dropbox issue?). That's why it has developed a process that actively monitors news of huge security breaches and scans "paste" sites like pastebin, which hackers typically use to distribute username and password dumps. Upon finding a collection of email addresses and passwords, the system uses an automated process to check them against the social network's user database. Facebook says that doesn't mean it has copies of people's passwords in plain text, though: it encrypts or hashes stolen passwords first before comparing them to similarly encrypted log-in details. In the event that the system does spot an exact log-in combination that's also used on Facebook, it walks the user through changing his password the next time he logs in.

While Facebook has just made this system a permanent layer of protection for its users, it's already been tried and tested: the company used the same procedure in the past following a large-scale Adobe hack. Still, the social network advises its users to activate two-step authentication, or to at least use a password manager so they don't have to reuse their mother's maiden name (or worse, 123456) over and over again.

[Image credit: Shutterstock]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget