Facebook is looking for your stolen passwords. On Friday, the social network announced that it had built a system that actively searches sites for stolen credentials and then checks that data against its own records. “This is a completely automated process that doesn’t require us to know or store your actual Facebook password in an unhashed form,” Facebook security engineer Chris Long wrote in a post. “In other words, no one here has your plain text password.” If there is a match, Facebook will notify the affected users.
Mr. Long also offered some common-sense advice: don’t use the same password for every website. As the Dropbox security scare last week showed, big companies don’t necessarily have to be hacked to be compromised. The stolen username-password combinations were not swiped from Dropbox, the company said, but taken from other services and posted on Pastebin, one of many “paste” sites that let people share plain text — often computer code but sometimes ill-gotten information like passwords.
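The matching step described above can work without the service ever holding a plain text password: each leaked password is hashed the same way the account's stored password was, and only the hashes are compared. The sketch below is an added example, not Facebook's code; the salted PBKDF2 storage scheme, the `email:password` dump format, and all names and sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, not taken from the article


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(store: dict, email: str, password: str) -> None:
    """Store only (salt, hash); the plain text password is never kept."""
    salt = os.urandom(16)
    store[email.lower()] = (salt, hash_password(password, salt))


def find_exposed_accounts(store: dict, dump_lines: list) -> list:
    """Return accounts whose leaked password matches the stored hash."""
    exposed = []
    for line in dump_lines:
        # Split on the first colon only, so passwords may contain ':'.
        email, sep, leaked = line.strip().partition(":")
        if not sep:
            continue  # not an email:password pair
        key = email.strip().lower()
        record = store.get(key)
        if record is None:
            continue  # address has no account here
        salt, stored_hash = record
        # Re-hash the leaked password with this user's salt and compare
        # in constant time; a match means the account needs a reset.
        candidate = hash_password(leaked, salt)
        if hmac.compare_digest(candidate, stored_hash) and key not in exposed:
            exposed.append(key)
    return exposed


# Constructed sample data: three accounts and one pasted credential dump.
STORE = {}
enroll(STORE, "alice@example.com", "correct horse battery")
enroll(STORE, "bob@example.com", "hunter2:x")
enroll(STORE, "carol@example.com", "S3parate!")

SAMPLE_DUMP = [
    "alice@example.com:correct horse battery",  # reused password, matches
    "BOB@example.com:hunter2:x",                # matches, password has ':'
    "carol@example.com:password123",            # different password here
    "dave@example.com:whatever",                # no account
    "not a credential line",                    # malformed, skipped
]

if __name__ == "__main__":
    print(find_exposed_accounts(STORE, SAMPLE_DUMP))
```

Only accounts whose owners reused the leaked password are flagged, which is why the advice against password reuse matters: carol's address appears in the dump, but her account here is unaffected.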