Facebook Is Hunting for Your Stolen Passwords

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

Facebook is looking for your stolen passwords. On Friday, the social network announced that it built a system that will actively search sites for stolen credentials and then reference that data with its own records. "This is a completely automated process that doesn't require us to know or store your actual Facebook password in an unhashed form," Facebook security engineer Chris Long wrote in a post. "In other words, no one here has your plain text password." If there is a match, users will be notified by Facebook. Long also offered some common-sense advice: don't use the same password for every website. As the Dropbox security scare last week showed, big companies don't necessarily have to be hacked to be compromised. The stolen username-password combinations were not swiped from Dropbox, the company said, but taken from other services and posted on Pastebin, one of many "paste" sites that let people share plain text — often computer code but sometimes ill-gotten information like passwords.


— Keith Wagstaff