
Facebook buys black market password dumps to protect user accounts

Not many companies these days have been as good as Facebook at keeping their name out of the headlines for security breaches, and this in large part is due to the work of its security team — headed by Alex Stamos.

Facebook has added many security features over the years, things like two-factor authentication, unrecognized browser login notices, and more, but one of the biggest security flaws for Stamos and his team concerns passwords. Many people are lazy with their passwords, using the same one everywhere or picking easy-to-guess combinations like 1234567, and while Facebook’s team has developed the above security measures to help make even accounts with weak passwords safe, the fact is that many Facebook users don’t make use of them.

During Web Summit in Lisbon, Portugal, Stamos noted this weak point in security and talked about the responsibility of the social network to protect all accounts on Facebook, even the ones that don’t make use of all the security features. “The reuse of passwords is the number one cause of harm on the internet,” Stamos said at the conference.

But one tactic the company is taking to ensure the security of these password-only accounts is to go to the black market, buy stolen passwords from hackers, and then cross-reference them against the encrypted passwords in the Facebook system, looking for matches.
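The cross-referencing step described above can be sketched as follows; this is an added example, not Facebook's code. It assumes stored passwords are salted PBKDF2 hashes and that the dump is "login:password" lines, neither of which the article specifies; all names and sample data are constructed.

```python
import hashlib
import hmac
import os

# Assumed storage scheme (not stated in the article): random per-user salt
# plus PBKDF2-HMAC-SHA256. Salting means a dump cannot be matched by
# comparing hashes directly; each leaked password must be re-hashed with
# the salt of the account it is being checked against.
PBKDF2_ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

def find_exposed_accounts(user_store: dict, dump_lines: list) -> list:
    """Return logins whose current stored hash matches a password in the dump."""
    exposed = set()
    for line in dump_lines:
        # Split on the first ':' only, so passwords containing ':' survive.
        login, sep, candidate = line.strip().partition(":")
        if not sep or not candidate:
            continue  # malformed dump line
        record = user_store.get(login.lower())
        if record is None:
            continue  # leaked login has no account in this system
        # Constant-time comparison of the re-hashed candidate and the stored hash.
        if hmac.compare_digest(hash_password(candidate, record["salt"]), record["hash"]):
            exposed.add(login.lower())
    return sorted(exposed)

# Constructed sample data: three accounts and a five-line dump.
USER_STORE = {
    "alice@example.com": make_record("1234567"),
    "bob@example.com": make_record("correct horse battery staple"),
    "carol@example.com": make_record("p:ss:word"),
}
DUMP = [
    "alice@example.com:1234567",    # reused password, should be flagged
    "Bob@example.com:hunter2",      # leaked password differs from the current one
    "carol@example.com:p:ss:word",  # password containing the separator
    "mallory@example.com:letmein",  # no such account here
    "garbage line without separator",
]

if __name__ == "__main__":
    for login in find_exposed_accounts(USER_STORE, DUMP):
        print(f"{login}: password found in dump, require a reset at next login")
```

Only accounts whose current password matches a leaked one are flagged, so a user who already changed a leaked password is left alone.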

A security system is only as strong as its weakest link, and in the case of Facebook and the vast majority of the web at this point, that weak link is the username/password system that has been in place since the web was invented.

While the company might be criticized for funneling money to the hacking economy, it is at the same time impressive to see a corporation such as Facebook thinking outside of the box when it comes to protecting our social accounts.

Anthony Thurston
Anthony is an internationally published photographer based in the beautiful Pacific Northwest. Specializing primarily in…