
Facebook to Notify Users of Account Theft

Monday, November 17th, 2014

Facebook has hit upon a novel idea to keep user accounts safe from hacking and theft. In a bold and proactive move, the social networking giant has decided to monitor the web for stolen emails and passwords and compare them against its own database to check whether user accounts were compromised. Facebook implemented this system almost one year ago, when millions of user credentials were stolen from Adobe’s servers, but its existence was made public only very recently. In the last few months, the company has introduced several measures to protect user information from being compromised, and this monitoring system is yet another step to ensure the safety of the vast amount of private data that the company holds.

To implement this monitoring system, Facebook decided to keep track of large-scale data breaches and a select number of sites where stolen credentials are regularly posted. Most hackers post stolen login credentials on a limited number of forums and paste sites, so it was easy for Facebook to create an automated system that captures data from such avenues. Once the system captures leaked credentials, it compares them with the usernames and passwords that are already present in Facebook’s database.

To do the comparison, the automated system first hashes the leaked passwords with the same algorithm that Facebook uses to store user passwords. This is necessary because the leaked passwords are in plain text while the passwords stored in Facebook’s database are in hashed form. Once the captured passwords are hashed, every leaked combination of email and hashed password is run against the data stored on the company’s servers. If a match is found, Facebook disables the password and informs the user about the security breach. Users whose accounts have been compromised won’t be able to log into Facebook until they change their passwords.
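The comparison described above, as an added example that is not part of the original article and is not Facebook's code: each leaked plaintext password is hashed with the matching account's stored salt and compared to the stored hash, and a match locks the account. PBKDF2-SHA256, the per-user salt, the `email:password` dump format, email lower-casing and all function and variable names are assumptions; the article does not name Facebook's algorithm.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor

def hash_password(password: str, salt: bytes) -> bytes:
    """Stand-in for the site's own storage hash (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def parse_dump_line(line: str):
    """Split one 'email:password' line from a dump; None if malformed."""
    email, sep, password = line.strip().partition(":")  # password may contain ':'
    email = email.strip().lower()
    if not sep or "@" not in email or not password:
        return None
    return email, password

def find_compromised(dump_lines, user_db):
    """Return emails whose leaked password matches the stored hash.

    user_db maps email -> {"salt": bytes, "hash": bytes, "locked": bool}.
    Only the leaked plaintext is hashed; stored hashes are never reversed.
    """
    compromised = []
    for line in dump_lines:
        parsed = parse_dump_line(line)
        if parsed is None:
            continue
        email, leaked_password = parsed
        record = user_db.get(email)
        if record is None or record["locked"]:
            continue  # unknown account, or already flagged
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            record["locked"] = True  # block login until the password is changed
            compromised.append(email)
    return compromised

def make_user(password: str, salt: bytes) -> dict:
    return {"salt": salt, "hash": hash_password(password, salt), "locked": False}

# Constructed sample data, not real credentials.
SAMPLE_DB = {
    "alice@example.com": make_user("hunter2", b"salt-a"),
    "bob@example.com": make_user("unique-passphrase", b"salt-b"),
}
SAMPLE_DUMP = ["Alice@Example.com:hunter2", "bob@example.com:pass:word",
               "not a credential line", "carol@example.com:hunter2"]
```

Calling `find_compromised(SAMPLE_DUMP, SAMPLE_DB)` flags only the account whose stored hash matches the leaked password; the leaked entry for the second account does not match, so that account stays unlocked.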

Facebook’s automatic monitoring and account protection system would go a long way in protecting user data. Since a lot of people use the same email-password combination for multiple sites, Facebook is actually helping users to protect their information from falling into the wrong hands before much damage is done. Since the system is totally automated, user account details (especially passwords) are never exposed to anyone while the comparison is being done. It is also worth noting that users’ passwords are never converted to text format; rather, leaked passwords are converted to hashed values to ensure the integrity of login credentials and accounts.

Facebook also advises its users to switch to a 2-step verification system so that stolen credentials cannot be used for serious crimes such as identity theft. The company also recommends using Facebook login for third-party websites as far as possible, since it protects them against security breaches occurring on those websites. Since many large websites (such as Dropbox) have been hit by data thefts recently, it makes sense to heed Facebook’s advice, since no other website is equipped with such a sophisticated and automatic data monitoring and protection system.
