A recent report on identity theft suggested that people who aren't careful with their privacy settings on social media may be putting themselves at risk.
But Facebook, for one, says it offers additional protections to keep its users' personal information safe. After recent high-profile hacks, like those last year at Universal Music and Viacom, Facebook says it has taken steps to determine if any of its own users' credentials may have been affected.
Although the security breaches did not occur at Facebook, people often use the same e-mail and password combinations for various online accounts. So if the information from one account is compromised, it may put other accounts at risk, too.
Sometimes, hackers are seeking to gain attention or to make a point and are not planning to sell the personal credentials they improperly obtained. (Recent attacks by the hacker group Anonymous are a case in point). In those instances, the hackers may post the pilfered information on file-sharing sites, as proof of what they've done. In such cases, Facebook can obtain the information and compare it with its own records.
Facebook's security team seeks out the hacked information and cross-checks it with credentials used by its members. "We try and monitor those channels proactively," said Matt Jones, an engineer on Facebook's site integrity team.
If a match is found between hacked credentials and those used for Facebook accounts, Facebook can lock out the affected accounts. Then, the next time the users log in, they are notified that because their information was compromised elsewhere, they must go through additional steps to verify their identity and must change their log-in credentials.
Facebook has obtained roughly five million credentials — typically, e-mail and password combinations — from publicly posted hacks and cross-checked them against Facebook accounts, said a company spokesman, Fred Wolens. He said he couldn't provide statistics on how often a match had been found.
Mr. Jones noted that cross-checking hacked information is an extra, "aggressive" step that Facebook takes, in addition to security measures it routinely uses to verify users when they log into their accounts.
Have you ever been notified by Facebook that you must change your log-in or password?
This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers. Five Filters recommends: Donate to Wikileaks.
No comments:
Post a Comment