Facebook buys stolen passwords on the black market to protect your account

Facebook Relies on the Black Market to Buy Passwords and Safeguard Users' Privacy

How would you react if Facebook asked you to come up with a different password for logging into your account and to forget about the password you have been using for years? Most probably you would feel annoyed. What if we told you that Facebook is adopting this new mechanism to keep your account protected? Then you would be interested in knowing more about the latest change in the social network's security measures. So let's find out what the fuss is all about.


Alex Stamos, the Chief Security Officer at Facebook, stated that the social network has bought passwords sold by hackers on the black market and cross-referenced these passwords with the ones encrypted on its platform, thereby protecting its users.

The reason, as per Stamos, is to keep the accounts protected from security breaches.

Stamos was speaking at Lisbon's Web Summit, where he explained the new technique Facebook would be relying upon for safeguarding users' accounts. The Web Summit is being held in Lisbon, Portugal.

CNET quoted Stamos:

“Keeping Facebook safe and keeping it secure are two different things; security is about building walls to keep out threats and shore up defenses. It turns out that we can build perfectly secure software and yet people can still get hurt.”

The passwords bought on the black market are those that were stolen in mass data hacks of services like Yahoo, Dropbox, Twitter, LinkedIn and MySpace and are now offered for sale by the hackers.

Stamos also revealed that password reuse is the number one cause of security breaches on the internet, and Facebook is most vulnerable in this respect as it attracts over 1.3 billion visitors on a daily basis. If users have not chosen strong passwords, their accounts would be vulnerable.


For example, “123456” is the most commonly used password, and in stolen databases this password was identified in a majority of the accounts. So if anyone on Facebook uses the same password and the security team at the social network discovers it by cross-checking the stolen passwords with their users', the account will automatically be termed exploitable.

Naturally, the user will be prompted to change the password that he or she has been using since day one on Facebook. This step is aimed at creating a safety-based culture at the social network to prevent abuse of user accounts. The website will be offering a variety of tools for safeguarding user accounts, ranging from the customary two-factor authentication to a facial recognition feature. To detect fake login attempts, Facebook uses Social Graph algorithms.
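
The cross-check described above, sketched as an added example (not Facebook's code, which the article does not show). It assumes passwords are stored as salted PBKDF2 hashes and that the acquired dump is a list of e-mail/plaintext pairs; all function names, the work factor and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash as a site would store it (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password: str) -> dict:
    """Build a stored credential record with a fresh random salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "must_reset": False}

def flag_reused_credentials(user_store: dict, breach_dump: list) -> list:
    """Mark accounts whose stored hash matches a leaked password for the same e-mail.

    The leaked plaintext is re-hashed with that account's own salt, so the
    site never needs its users' passwords in plaintext to run the check.
    """
    flagged = []
    for email, leaked_password in breach_dump:
        key = email.strip().lower()
        record = user_store.get(key)
        if record is None or record["must_reset"]:
            continue  # not our user, or already queued for a reset
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            record["must_reset"] = True  # force a password change at next login
            flagged.append(key)
    return flagged

# Constructed sample data: three accounts and a four-line "dump".
USERS = {
    "alice@example.com": make_record("123456"),
    "bob@example.com": make_record("correct horse battery staple"),
    "carol@example.com": make_record("Summer2016!"),
}
DUMP = [
    ("Alice@example.com", "123456"),       # reused password -> flagged
    ("bob@example.com", "hunter2"),        # same user, different password
    ("carol@example.com", "Summer2016!"),  # reused password -> flagged
    ("dave@example.com", "123456"),        # not a user of this site
]

if __name__ == "__main__":
    print(flag_reused_credentials(USERS, DUMP))
```

Because each leaked password has to be re-hashed per account with that account's salt, the check costs one slow hash per matching e-mail in the dump rather than a single table lookup.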


But Stamos believes that: “Even though we provide these options, it is our responsibility to think about those people that choose not to use them.”

Would this help Facebook in protecting the security and privacy of its users? Please tell us what you think in the comments section below.
