This actually is in the “good news” department. The some security folks at Facebook are scouring the Dark Web, looking for rainbow tables of user names and passwords in order to find Facebook users who may be reusing the same password on multiple sites. As we have discussed here many times, password reuse creates a serious security vulnerability. If the cyber-crooks have your password for one site, they will try it on other sites to see if you used it more than once. And if you have – well it’s game over for you.
The part of Facebook’s effort that is slightly controversial is that they are purchasing these lists from cyber-criminals on the Dark Web. This of course financially supports the bad guys. Facebook sees their effort as creating a greater good. I would have to agree with Facebook.
So if you get a message from Facebook saying that your password has been identified as one that is for sale on the Dark Web, you should take this seriously and change your password.Share
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com