Facebook is buying passwords from the online black market and comparing them to the passwords of the users. The list of passwords, captured in plaintext, goes through a hash function and compares the hash results to their user’s hashed password. Allegedly Facebook doesn’t store passwords in plaintext, when a user logs on the password entered it compared to the hash stored in the system for that user. Facebook does the same for the passwords it mines from the online black market. If a match is found, Facebook locks the account and hides the account from the public until the user changes his or her password. I’ve seen this before somewhere else, in fact I was alerted to it through CSID, an identity protection company. CSID alerted me that the password for one of my monitored email accounts was found online in black market. I changed that password so fast..
https://nakedsecurity.sophos.com/2016/11/11/facebook-is-buying-up-stolen-passwords-on-the-black-market/
This is pretty interesting. I really like this approach in order to mitigate the risk of account hijacking. Exploited passwords will always be available, and someone will pay money in order to get them. By taking a pro-active approach, Facebook gives the user a second chance to protect their profile.
Nice article, paying the crooks to stop them from stealing passwords is an interesting approach, but it seems an unethical way of doing cyber security.
Very interesting article. I don’t really think it is unethical for Facebook to do this, after all the data is already out there on the black market. Somebody will buy it and use it to hijack Facebook’s customer account. Facebook is just being proactive and ensuring that they’re customer’s are aware to help them prevent their account from being hijacked.
Interesting post and I think Facebook is one of the pioneer company taking security of its users account to a different level by implementing such out of box ideas.Many different ways adopted by facebook like making its text chat as encrypted are some of its step which make FB secure.Recently facebook has also launched the payment system where you can pay your friend through FB and integrating payment options where there will be handling sensitive payment information the FB in coming time will be taking more proactive measure to protect its user account.
It’s good to see a company taking a proactive approach to securing their customer’s online presence. The concept of checking the password hash then comparing the hash against password hashes in their system was an excellent strategy.
Not sure how I feel about this one. I agree that this is a unique approach and will help to identify users that are vulnerable to leaked passwords, but funding these criminals seems to be enabling to me. When it comes to passwords and authentication, I would prefer Facebook to invest more in cutting edge multi-factor authentication solutions.