
Reports of stolen account credentials surface all the time. Making things worse, some people use the same account details on multiple websites, so hackers can use the stolen credentials to log on to multiple websites a victim uses.
To counter this, Facebook has created an automated service that monitors the web for stolen e-mail addresses and passwords. The service searches for stolen credentials and compares them to those being used on Facebook.
To quote Facebook security engineer Chris Long: “We built a system dedicated to further securing people’s Facebook accounts by actively looking for these public postings, analyzing them and then notifying people when we discover that their credentials have shown up elsewhere on the Internet.”
Long’s advice to users is simple: “don’t use the same password for every website”. As last week’s theft of accounts from Dropbox has shown, users’ accounts on a website can be compromised without actually hacking that website.
If the system finds a match, the affected user is notified when he logs in and is then guided through a process that requires him to change the password.