Skip to main content

Facebook buys black market password dumps to protect user accounts

Not many companies these days have been as good as Facebook at keeping their name out of the headlines for security breaches, and this in large part is due to the work of its security team — headed by Alex Stamos.

Facebook has added many security features over the years, things like two-factor authentication, unrecognized browser login notices, and more, but one of the biggest security flaws for Stamos and his team concerns passwords. Many people are lazy with their passwords, using the same one everywhere or picking easy-to-guess combinations like 1234567, and while Facebook’s team has developed the above security measures to help make even accounts with weak passwords safe, the fact is that many Facebook users don’t make use of them.

Recommended Videos

During Web Summit in Lisbon, Portugal, Stamos noted this weak point in security and talked about the responsibility of the social network to protect all accounts on Facebook, even the ones who don’t make use of all the security features. “The reuse of passwords is the number one cause of harm on the internet,” Stamos said at the conference.

But one tactic the company is taking to ensure the security of these password-only accounts is to go to the black market and buy stolen passwords from hackers, and then cross-referencing those against encrypted passwords in the Facebook system, looking for matches.

A security system is only as strong as its weakest link, and in the case of Facebook and the vast majority of the web at this point, that weak link is the username/password system that has been in place since the web was invented.

While the company might be criticized for funneling money to the hacking economy, it is at the same time impressive to see a corporation such as Facebook thinking outside of the box when it comes to protecting our social accounts.

Anthony Thurston
Anthony is an internationally published photographer based in the beautiful Pacific Northwest. Specializing primarily in…
Facebook removes fake accounts and pages linked to Roger Stone
Roger Stone

Facebook removed fake accounts linked to President Donald Trump’s former political advisor, Roger Stone, for “coordinated inauthentic behavior.” 

The social network removed accounts and pages posing as Florida residents that were linked to the hate group the Proud Boys, according to Facebook. The fake accounts posted about local Florida politics, the hacked materials released by Wikileaks ahead of the 2016 election, and Stone's books, trial, and websites. 

Read more
Facebook audit finds it’s not doing enough to protect civil rights
mark zuckerberg speaking

 

Facebook’s decision to not fact-check political posts has left its platform vulnerable to misuse by politicians to interfere with voting and suppress civil rights, according to a two-year audit of the company’s policies and practices by civil rights expert Laura W. Murphy and Megan Cacace.

Read more
Bluesky finally adds a feature many had been waiting for
A blue sky with clouds.

Bluesky has been making a lot of progress in recent months by simplifying the process to sign up while at the same time rolling out a steady stream of new features.

As part of those continuing efforts, the social media app has just announced that users can now send direct messages (DMs).

Read more