CNET recently reported that Facebook buys credentials that hackers sell on the black market. While this practice may seem unorthodox, Alex Stamos, Facebook’s Chief Security Officer, claims these purchases are part of Facebook’s overall security effort.
Credential theft is the number one cause of account and information hacking. Reusing the same username and password combination across apps and online accounts is common, but it can lead to multiple accounts being compromised if those credentials are stolen. Once credentials are stolen, the hacker may sell the information on the black market.
Stamos explained that Facebook buys passwords from the black market, then cross-references them with passwords used on the social network. From there, Facebook will alert users if their passwords need to be changed.
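As an added illustration (not Facebook's code, and not taken from the CNET report), here is one way a service could cross-reference a leaked credential list against its own accounts. It assumes passwords are stored as salted PBKDF2 hashes, so each leaked password must be re-hashed with that user's salt before comparing; the function names, user store layout and sample data are all constructed for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def make_user(password: str) -> dict:
    """Build a constructed user record: random salt plus salted hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def find_exposed_accounts(user_store: dict, leaked_pairs: list) -> list:
    """Return logins whose *current* password matches the leaked one."""
    exposed = set()
    for login, leaked_password in leaked_pairs:
        key = login.strip().lower()  # dumps are inconsistent about case
        record = user_store.get(key)
        if record is None:
            continue  # leaked login has no account on this service
        # Salts differ per user, so hashes cannot be compared in bulk:
        # re-derive with this user's salt, then compare in constant time.
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            exposed.add(key)
    return sorted(exposed)


# Constructed sample data: the service's user store and a leaked list.
USER_STORE = {
    "alice@example.com": make_user("correct horse battery staple"),
    "bob@example.com": make_user("Summer2016!"),
    "carol@example.com": make_user("x9$Lq-unique-here"),
}
LEAKED_PAIRS = [
    ("Bob@Example.com", "Summer2016!"),  # reused password: flagged
    ("alice@example.com", "hunter2"),    # different password here
    ("dave@example.com", "letmein"),     # no account on this service
    ("carol@example.com", "password1"),  # different password here
]

if __name__ == "__main__":
    for login in find_exposed_accounts(USER_STORE, LEAKED_PAIRS):
        print(f"require password change: {login}")
```

Only accounts whose current password matches the leaked one are flagged, and the leaked plaintext is never stored or logged by the check.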
While Facebook’s efforts to create a safer site are appreciated by some industry professionals, others see the practice as questionable. Buying other services’ stolen data may be seen as unethical, or as adding more monetary incentive for hackers.
Another way to cut down on credential theft is to educate users about the need for multi-level account verification and the dangers of using the same credentials on sensitive accounts. Data security practices are constantly evolving, but the first step in preventing stolen data is educating account owners.