Facebook knows that password leaks endanger its users, even if it's another website that's been hacked, because people tend to reuse their log-in credentials (remember that recent Dropbox issue?). That's why it has developed a process that actively monitors news of huge security breaches and scans "paste" sites like pastebin, which hackers typically use to distribute username and password dumps. Upon finding a collection of email addresses and passwords, the system uses an automated process to check them against the social network's user database. Facebook says that doesn't mean it has copies of people's passwords in plain text, though: it encrypts or hashes stolen passwords first before comparing them to similarly encrypted log-in details. In the event that the system does spot an exact log-in combination that's also used on Facebook, it walks the user through changing his password the next time he logs in.