To better secure people’s Facebook accounts, the social networking site has built a system that checks the web for stolen email addresses and passwords. Theft of personal data such as email addresses and passwords can have wider consequences because people often reuse the same password on multiple websites, Facebook security engineer Chris Long wrote in a Facebook post.

The system checks the stolen credentials against Facebook’s database to see whether a leaked email and password combination matches the email and password in use on Facebook.

“We built a system dedicated to further securing people’s Facebook accounts by actively looking for these public postings, analyzing them, and then notifying people when we discover that their credentials have shown up elsewhere on the Internet,” said Long.

If Facebook finds a match, it notifies the affected user the next time they log in and guides them through a process to change their password. Facebook describes the process in four steps:

  1. Once we find a set of stolen credentials, we pass the data into a program that parses it into a standardized format.
  2. After the data has been downloaded and parsed, an automated system checks each one of them against the Facebook internal databases to see if any of the email addresses and hashed passwords match valid login information on Facebook. We hash each password using our internal password hashing algorithm and the unique salt for that person. Since Facebook stores passwords securely as hashes, we can’t simply compare a password directly to the database. We need to hash it first and compare the hashes.
  3. If the email and hash combination doesn’t match, we don’t take any action. A mismatch indicates that the stolen password is different than the password you use on Facebook, and therefore an attacker wouldn’t be able to use that password to access your Facebook account. 
  4. If the email address and hash combination does match, we will notify you the next time that you use Facebook and guide you through a process to change your password. Changing your password will invalidate the stolen password and help protect your Facebook account.
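As an added illustration (not Facebook’s code; its internal hashing algorithm and database schema are not public), the following Python sketch walks a constructed credential dump through the four steps above. PBKDF2-HMAC-SHA256 stands in for the internal hasher, a dict stands in for the account database, and all emails and passwords are made-up sample data.

```python
import hashlib
import hmac
import secrets

# Stand-in for the internal password hashing algorithm (assumption, not Facebook's).
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Each account gets its own random salt, so the same password hashes differently
# per user and a leaked password must be re-hashed per account before comparing.
def make_user(password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed sample account store: email -> {salt, stored hash}.
USERS = {
    "alice@example.com": make_user("correct horse battery staple"),
    "bob@example.com": make_user("hunter2"),
}

def parse_dump(raw: str) -> list:
    """Step 1: normalise a pasted 'email:password' dump into (email, password) pairs."""
    pairs = []
    for line in raw.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # skip blank or malformed lines
        email, password = line.split(":", 1)
        pairs.append((email.strip().lower(), password))
    return pairs

def find_reused_credentials(pairs, users=USERS) -> set:
    """Steps 2-4: hash each leaked password with that account's salt and compare hashes.
    Returns the set of emails whose leaked password matches their stored hash
    (the accounts to notify). Unknown emails and mismatches produce no action."""
    affected = set()
    for email, password in pairs:
        user = users.get(email)
        if user is None:
            continue  # no such account: nothing to compare against
        candidate = hash_password(password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):  # constant-time compare
            affected.add(email)
    return affected

# Constructed sample dump: one reused password, one stale password, one unknown email.
LEAKED_DUMP = """
alice@example.com:correct horse battery staple
bob@example.com:wrongpassword
carol@example.com:anything
"""
```

Running `find_reused_credentials(parse_dump(LEAKED_DUMP))` flags only alice, whose leaked password re-hashes to her stored hash; bob’s leaked password is different from his current one, so no action is taken.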

Given the rising number of cybercrimes, securing logins has become important for all online accounts, not just Facebook. On Facebook, one can enable login notifications to add another layer of security and monitor the approved devices in the security tab for any unauthorized activity.

