Facebook protects its users' accounts by purchasing lists of stolen passwords from criminals.
(CCM) — Facebook has been paying criminals in hacker forums and other parts of the internet's black market for lists of stolen passwords, according to a report on Tech Times. The purpose of the transactions is to protect users who may have used their Facebook passwords on other sites. This is common practice, even though it puts their Facebook account at risk if any of the other sites are compromised, because hackers often try to log in to Facebook accounts using the usernames and passwords stolen from less secure sites.
According to Alex Stamos, Facebook's chief security officer, the social network checks the stolen passwords against users' Facebook passwords. This has enabled it to warn "millions of users" that their passwords are known to hackers and should, therefore, be changed as soon as possible. Facebook can also lock users out of their Facebook accounts until they change their passwords for their own protection, as was done in 2013, when a large number of passwords were stolen from Adobe. The practice of purchasing lists of stolen passwords raises ethical questions because, by doing so, Facebook could be accused of funding criminals and encouraging them to steal passwords from other sites.
Image: © Lukasz Stefanski - Shutterstock.com