How Facebook Tries to Protect Users' Online Credentials - NYTimes.com

Hacked profiles as an open data source

"Facebook’s security team seeks out the hacked information and cross-checks it with credentials used by its members. “We try and monitor those channels proactively,” said Matt Jones, an engineer on Facebook’s site integrity team.
If a match is found between hacked credentials and those used for Facebook accounts, Facebook can lock out the affected accounts. Then, the next time the users log in, they are notified that because their information was compromised elsewhere, they must go through additional steps to verify their identity and must change their log-in credentials."

How Facebook Tries to Protect Users' Online Credentials - NYTimes.com