Facebook Buys Stolen Data to Keep its Users’ Accounts Safe

By Eva Magno / Dec 12, 2016 11:48 AM EST
(Photo : (Photo by Ted S. Warren-Pool/Getty Images)) REDMOND, WA - SEPTEMBER 23: Chinese President Xi Jinping (C) talks with Facebook Chief Executive Mark Zuckerberg (R) as Lu Wei, China's Internet czar, looks on during a gathering of CEOs and other executives at the main campus of Microsoft Corp September 23, 2015 in Redmond, Washington. Xi and top executives from U.S. and Chinese companies discussed a range of issues, including trade relations, intellectual property protection, regulation transparency and clean energy, according to published reports.

With all the public Data that Facebook has to handle, it is impressive how the tech giant managed to keep its user accounts safe. According to reports, the social media company is buying up stolen passwords and other credentials from the black market to make sure they are not used to attack the users and the site.

Facebook chief security office, Alex Stamos, said at the Web Summit in Lisbon last Wednesday that security is about building defenses, but safety is a whole different level, CNET reported. Even with perfectly secure software, people are still vulnerable, according to Stamos.

Stamos used to work for Yahoo! before coming in to Facebook in 2015. He now heads a team that protects the site from hackers and other possible threats before they can penetrate. According to Stamos, one of the biggest problems concerning security is the reuse of passwords.

Facebook has come up with a lot of various solutions to address this issue, from two factor authentication to machine learning algorithms that can determine whether there are fraudulent activities going on in a particular account.

According to reports, Facebook is also buying stolen passwords from the dark web to ensure the safety of its users. However, this has raised some major concerns, especially from the legal circles, Tech Crunch reported. Buying stolen data is simply illegal and dubious.

Facebook might be buying these stolen passwords themselves, or they are using a third party contractor to do the buying. No matter what the strategy is, buying stolen passwords and other data simply against today's laws.

Another major concern is how big amounts of legitimate money is going to the thieves who stole those credentials. This would only give them enough funds to continue what they are doing. Plus, this strategy would only establish a lucrative market for them. 

Facebook is definitely not the only company doing this, which means there is a big amount of money coming from legitimate businesses that flows to the hands of the thieves.

This only means that buying stolen credentials will only aggravate the situation. Others believe that this practice must be scrutinized and there must be honest conversations about this matter in the legal circles.