Facebook Buys Leaked Passwords From Black Market, But Do You Know Why?

Facebook is reportedly buying stolen passwords that hackers are selling on the underground black market in an effort to keep its users’ accounts safe.

On the one hand, we just came to know that Yahoo did not inform its users of the recently disclosed major 2014 hacking incident that exposed half a billion user accounts even after being aware of the hack in 2014.

On the other hand, Facebook takes every single measure to protect its users’ security even after the company managed to avoid any kind of security scandal, data breach or hacks that have recently affected top notch companies.

Speaking at the Web Summit 2016 technology conference in Portugal, Facebook CSO Alex Stamos said that over 1.3 Billion people use Facebook every day, and keeping them secure is building attack-proof software to keep out hackers, but keeping them safe is actually a huge task.

Stamos said there is a difference between ‘security’ and ‘safety,’ as he believes that his team can “build perfectly secure software and yet people can still get hurt.”

Stamos was former Chief Information Security Officer at Yahoo who left the company in 2015 after discovering that its Chief Executive Marissa Mayer authorized the government surveillance program.

Stamos joined Facebook in summer 2015 and now leads the security team at the social network. He said that the biggest headache he deals there with is caused by passwords users keep securing their accounts.

The reuse of passwords is the No. 1 cause of harm on the internet,” said the security chief.

According to him, the username and password system that was initially introduced in the 1970’s will not help us now in 2016.

As CNET reports, when passwords are stolen in masses and traded on the black market, it becomes apparent just how many of users are choosing the weakest passwords, such as 12345 and password, to secure their online accounts, automatically making their account more vulnerable to being hacked.

And this issue is something the social network giant is keen to help its users avoid.

In an attempt to check that its users are not making use of these commonly used passwords for their Facebook accounts, Stamos disclosed that the company buys passwords from the black market and then cross-references them with encrypted passwords used on its site.

Stamos said that the social network then alerts tens of millions of users that their passwords needed changing as they were not strong enough to protect their accounts.

Facebook provides you a whole bunch of tools to tighten up the security of your account, including traditional two-factor authentication, identifying faces of friends, as well as machine learning algorithms to determine and inform whether activity on your account is fraudulent.

Users are always advised to enable Two-factor authentication, which is an effective measure to keep a tight hold on your account even after hackers have your credentials.

Another new measure tackles the issue of account recovery. So, even if hackers find their way into your email account that could allow them to seize your Facebook account easily by resetting your password, the social network allows you to let your close friends verify account recovery request on your behalf.

Via: The Hacker News