Many of us know we’re not supposed to do it, but we do anyway: we use the same password across many different websites. That kind of laziness, though incredibly common, is exactly what hackers depend on. When wide-scale data breaches do then occur, it giftwraps access to not just one of your accounts, but many. Fortunately, Facebook announced this week that it’s on the lookout for its users’ stolen passwords.
In the wake of data breaches, many hackers will post the stolen information to message boards or forums. Facebook has created a tool that combs through this information for passwords and usernames that correspond with its user database.
“We monitor a selection of different ‘paste’ sites for stolen credentials and watch for reports of large scale data breaches,” said Facebook security engineer Chris Long. “We collect the stolen credentials that have been publicly posted and check them to see if the stolen email and password combination matches the same email and password being used on Facebook.”
If Facebook finds that your information has been stolen, they will notify you the next time you log in and walk you through the process of changing your password.
While this security measure is not purely altruistic on Facebook’s part (they have a vested interest in keeping hackers and spammers off the site, after all) it’s still a helpful and proactive feature to keep user profiles safe.
Always remember to never use the same password on multiple sites, and it’s a good idea to enable login approvals on your Facebook account!