
Facebook launched a system for collecting and checking data from compromised accounts



After a number of major leaks of user account data from Gmail, Yandex and other services, the Facebook social network decided to launch a new system for collecting and checking such data. The principle is simple: the system searches the web for username/password pairs published in open access (for example, on Pastebin). It then checks whether each pair is valid, and if it is, the owner of the compromised account receives a warning that the password needs to be changed.

Every detected login/password pair is checked, regardless of which service the data belongs to. In other words, if an attacker has posted such data for Gmail, Yahoo or Outlook Mail, Facebook will check whether the username and password fit any Facebook account. The authors of the system explain that users very often reuse the same logins and passwords across many services, so everything needs to be checked.

The process of finding and collecting such information is fully automated. In addition, encryption is used when collecting and verifying the information. The check is performed in a manner similar to ordinary Facebook user authentication. According to the system's authors, no data is transmitted in plaintext.

On its blog, Facebook provides the following details of the technical verification process:

1. When a set of stolen credentials is detected, the data is passed to a parser program, which brings the login/password pairs into a unified form;
2. After parsing, the automated system checks each pair against the Facebook database; all checked data is hashed using a special algorithm, and a unique salt is added;
3. If the login/password pair does not match, no further action is taken;
4. If the pair matches, the user of that account is notified of the need to change the password at the next login.
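
The four steps above as an added Python sketch; it is not Facebook's code. The page names neither the hash algorithm nor the dump format, so PBKDF2-HMAC-SHA256, the separator-delimited line format, and all function names, accounts and dump lines here are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re

# Assumed algorithm and work factor (PBKDF2-HMAC-SHA256); the page gives neither.
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_account(password: str) -> dict:
    salt = os.urandom(16)  # unique salt per account
    return {"salt": salt, "hash": hash_password(password, salt), "must_reset": False}

# Constructed account store: only salts and hashes are kept, never plaintext.
ACCOUNTS = {
    "alice@example.com": make_account("hunter2"),
    "bob@example.com": make_account("correct horse"),
}

# Constructed sample dump with inconsistent separators, case and a junk line.
SAMPLE_DUMP = """\
Alice@Example.com:hunter2
bob@example.com;wrong-password
  carol@example.com | letmein
not a credential line
"""

PAIR_RE = re.compile(r"^\s*([^\s:;|]+@[^\s:;|]+)\s*[:;|]\s*(.+?)\s*$")

def parse_dump(text: str) -> list:
    """Step 1: bring login/password pairs into a unified (login, password) form."""
    matches = (PAIR_RE.match(line) for line in text.splitlines())
    return [(m.group(1).lower(), m.group(2)) for m in matches if m]

def check_dump(text: str, accounts: dict) -> list:
    """Steps 2-4: hash each candidate with the account's salt and flag matches."""
    flagged = []
    for login, password in parse_dump(text):
        account = accounts.get(login)
        if account is None:
            continue  # login does not belong to this service
        candidate = hash_password(password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]):
            account["must_reset"] = True  # step 4: prompt at next login
            flagged.append(login)
        # step 3: on a mismatch nothing is recorded and no action is taken
    return flagged
```

The comparison happens on hashes only, and the leaked password is discarded once `check_dump` returns; only the `must_reset` flag persists.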

Source: https://habr.com/ru/post/240939/

