Four Ways Hackers Crack a Facebook Password and How to Protect Yourself

Everyone is addicted to Facebook. Admit it, your Mom and your Brother are on it and as soon as you turn 13, you will be signing up too! Lol, j/k… This has led Facebook to break record numbers with over one billion monthly active users as of October 2012—and around 600 million active daily users. That is crazy! 1/5 of the world population on one site! Imagine that server power bill! (Did you know Air Conditioning is over half the power consumption of a server farm?)

We share our lives on Facebook. We share our anniversaries and birthdays. We share our vacation plans and locations (not recommended by the way). We share the births of our daughters and the deaths of our mothers. We share our most wonderful moments and our most painful insights. We divulge every nook and cranny of our so-called lives.

But we sometimes forget who’s watching.

We use Facebook as a tool for communication, but there are those people who use that connectivity for malicious purposes. We reveal what others can use against us. They know when we’re not home and for how long we’re gone. They know the answers to our security questions. People can practically steal our identities—and that’s just with the visible information we purposefully give away through our public FB profile.

The most frightening part is that as we get more comfortable with technological advances, we actually become more susceptible to hacking. As if we haven’t already done enough to aid hackers in their quest for our data by sharing publicly, those in the know can get into our emails and Facebook accounts to steal every other part of our lives that we intended to keep away from prying eyes.

In fact, you don’t even have to be a professional hacker to get into someone’s Facebook account.

It can be as easy as running Firesheep on your computer for a few minutes. In fact, Facebook actually allows people to get into someone else’s Facebook account without knowing their password. All you have to do is choose three friends to send a code to. You type in the three codes, and voilà—you’re into the account. It’s as easy as that.

In this article I’ll show you these, and a couple other ways hackers (and even regular folks) can hack into someone’s Facebook account. But don’t worry, I’ll also show you how to prevent it from happening to you.


Method 1: Reset the Password

The easiest way to “hack” into someone’s Facebook is through a password reset. This is easier for people who are friends with the person they’re trying to hack.

  • The first step would be to get your friend’s Facebook email login. If you don’t already know it, try looking on their Facebook page in the Contact Info section.
  • Next, click on Forgotten your password? and type in the victim’s email. Their account should come up. Click This is my account.
  • It will ask if you would like to reset the password via the victim’s emails. This doesn’t help, so press No longer have access to these?
  • It will now ask How can we reach you? Type in an email that you have that also isn’t linked to any other Facebook account.
  • It will now ask you a question. If you’re close friends with the victim, that’s great. If you don’t know too much about them, make an educated guess. If you figure it out, you can change the password. Now you have to wait 24 hours to login to their account.
  • If you don’t figure out the question, you can click on Recover your account with help from friends. This allows you to choose between three and five friends.

  • It will send them passwords, which you may ask them for, and then type into the next page. You can either create three to five fake Facebook accounts and add your friend (especially if they just add anyone), or you can choose three to five close friends of yours that would be willing to give you the password.


How to Protect Yourself

  • Use an email address specifically for your Facebook and don’t put that email address on your profile.
  • When choosing a security question and answer, make it difficult. Make it so that no one can figure it out by simply going through your Facebook. No pet names, no anniversaries—not even third grade teacher’s names. It’s as easy as looking through a yearbook.
  • Learn about recovering your account from friends. You can select the three friends you want the password sent to. That way you can protect yourself from a friend and other mutual friends ganging up on you to get into your account.


Method 2: Use a Keylogger

Software Keylogger

A software keylogger is a program that can record each stroke on the keyboard that the user makes, most often without their knowledge. The software has to be downloaded manually on the victim’s computer. It will automatically start capturing keystrokes as soon as the computer is turned on and remain undetected in the background. The software can be programmed to send you a summary of all the keystrokes via email.

CNET has Free Keylogger, which as the title suggests, is free. If this isn’t what you’re looking for, you can search for other free keyloggers or pay for one.

Hardware Keylogger

These work the same way as the software keylogger, except that a USB drive with the software needs to be connected to the victim’s computer. The USB drive will save a summary of the keystrokes, so it’s as simple as plugging it into your own computer and extracting the data. You can look through Keelog for prices, but it’s a bit higher than buying the software since you have to buy the USB drive with the program already on it.


How to Protect Yourself

  • Use a firewall. Keyloggers usually send information through the internet, so a good firewall will monitor your computer’s online activity and sniff out most suspicious traffic and ask you about it.
  • Install a password manager. Keyloggers can’t steal what you don’t type. Password managers automatically fill out important forms without you having to type anything in.
  • Update your software. Once a company knows of any exploits in their software, they work on an update. Stay behind and you could be susceptible.
  • Change passwords. If you still don’t feel protected, you can change your password bi-weekly. It may seem drastic, but it renders any information a hacker stole useless.


Method 3: Phishing

This option is much more difficult than the rest, but it is also the most common method to hack someone’s account. The most popular type of phishing involves creating a fake login page. This is the email you get in your inbox that gives you some reason or another to log in to Facebook. Some emails tell you it is imperative that you log in right away to update some information on your account; others are more passive and tell you that someone left a comment or a friend request, followed by a link to log in.

Many people won’t think anything of it and click on the link… When they see the login page, it looks identical to the main FB login page, so they do not take the time to notice that the page is hosted somewhere else. The phishing page takes the login credentials, logs them in a file for the hacker, then passes the victim on to the real login at Facebook, so they don’t realize what just happened.

This process is more difficult to execute because the hacker will need to create a web hosting account and a fake login page, but there are some tools such as Social Engineering Toolkit (SET) which do this in a pretty automated fashion. I will probably make a tutorial on how to use SET in such a fashion at a future time. It is much too involved to include in this post.


How to Protect Yourself

  • Don’t click on links through email. If an email tells you to login to Facebook through a link, be wary. Check the URL. If you’re still doubtful, go directly to the main website and login the way you always do.
  • Phishing isn’t only done through email. It can be any link on any website. Even ads that pop up can be malicious. Don’t click on any sketchy looking links that ask for your information.
  • Mostly, you should just keep in mind that if you are going to type your username and password to login to facebook, it should be done only after directly typing “” in your browser, and then making sure that you see “https” in the address bar.
  • Use an anti-virus like AVG or Microsoft Security Essentials.
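The "check the URL" advice above can be made mechanical. The following is an added example, not part of the original article: the function name, the trusted-domain constant and the sample links are constructed for illustration, and it shows which part of a link actually decides where the browser connects.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "facebook.com"  # assumption: the only domain accepted for login


def check_login_link(url, trusted=TRUSTED_DOMAIN):
    """Return (ok, reason) for a link that claims to lead to the login page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if has_userinfo:
        # In https://facebook.com@other.example/ the text before '@' is
        # userinfo; the browser connects to other.example.
        return False, "text before '@' is not the host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host, possible lookalike letters"
    # Match the whole host or a dot-separated subdomain, never a bare suffix.
    if host == trusted or host.endswith("." + trusted):
        return True, "host is " + host
    return False, "host is " + host + ", not " + trusted


# Constructed sample links (not taken from the article).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.account-update.example/login.php",
    "https://facebook.com@login.example/",
    "https://notfacebook.com/login.php",
    "https://faceb\u043eok.com/login.php",  # Cyrillic 'o' in place of Latin 'o'
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_login_link(link), link)
```

Only the first sample passes; the others fail on the scheme, on the real host, or on lookalike characters, even though each contains the string "facebook".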


Method 4: Stealing Cookies

Cookies allow a website to store information on a user’s hard drive and later retrieve it. These cookies contain important information that a hacker can sniff out and steal if they are on the same Wi-Fi network as the victim. They don’t actually get the login passwords, but they can still access the victim’s account.

Firesheep is a Firefox add-on that sniffs web traffic on an open Wi-Fi connection. It collects the cookies and stores them in a tab on the side of the browser.

From there, the hacker can click on the saved cookies and access the victim’s account, as long as the victim is still logged in. Once the victim logs out, it is impossible for the hacker to access the account.


How to Protect Yourself

  • On Facebook, go to your Account Settings and check under Security. Make sure Secure Browsing is enabled. Firesheep can’t sniff out cookies on HTTPS, so try to steer away from HTTP.
  • Full time SSL. Use browser extensions such as HTTPS-Everywhere or Force-TLS.
  • Log off a website when you’re done. Firesheep can’t stay logged in to your account if you log off.
  • Use only trustworthy Wi-Fi networks. A hacker can be sitting across from you at Starbucks and looking through your email without you knowing it.
  • Use a VPN. These protect against any sidejacking no matter what website you’re on.
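Seen from the website's side, the HTTPS advice above comes down to two response headers: a session cookie without the Secure attribute is also sent over plain HTTP, where a sniffer on the same Wi-Fi can read it, and Strict-Transport-Security tells the browser to use HTTPS only. This is an added example, not part of the original article; the function names, cookie names and header values are constructed.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    first, *rest = value.split(";")
    name = first.strip().partition("=")[0]
    attrs = {}
    for item in rest:
        key, _, val = item.strip().partition("=")
        if key:
            attrs[key.lower()] = val  # attribute names are case-insensitive
    return name, attrs


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTPS response."""
    report = {"cookies_without_secure": [], "hsts": False}
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            report["hsts"] = True
        elif lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                # The browser will attach this cookie to http:// requests too.
                report["cookies_without_secure"].append(cookie)
    return report


# Constructed headers: a weak response and its hardened counterpart.
WEAK_HEADERS = [
    ("Set-Cookie", "session_id=3f9a; Path=/; HttpOnly"),
    ("Set-Cookie", "locale=en_US; Path=/; Secure"),
]
HARDENED_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session_id=3f9a; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "locale=en_US; Path=/; Secure"),
]

if __name__ == "__main__":
    print("weak:    ", audit_response(WEAK_HEADERS))
    print("hardened:", audit_response(HARDENED_HEADERS))
```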


Protecting Yourself: Less Is More

Social networking websites are great ways to stay connected with old friends and meet new people. Creating an event, sending a birthday greeting and telling your parents you love them are all a couple of clicks away.

Facebook isn’t something you should steer away from, but you do need to be aware of your surroundings and make smart decisions about what you put up on your profile. The less information you give out on Facebook for everyone to see, the more difficult you make it for hackers.


One Response to Four Ways Hackers Crack a Facebook Password and How to Protect Yourself

  1. Sohaib says:

    Help required- my FB account is not secured 🙁

    Hi team, read your article. want some help in this regard.

    i am facing a severe problem with Facebook. and is very depressed. Someone has put me in tension and i am feeling total unsafe in the world of Facebook.

    before we go to issue, i would like to describe situation. please read patiently. i ll be thankful.

    i have one (say A) main/personal facebook account and two (say B & C) visiting Facebook accounts.
    A has no link with B and C, neither in terms of Name, neither in terms of ID, neither in terms of behavior. But only one similarity that A & B,C have same phone number but that number is hidden and available to public and even friends.

    Email-ID and phone number are hidden in all three accounts

    i access all three accounts from one system but different browsers. and that system is secured and no other person can access that. this is for sure.

    i know about fake pages and fake links. so i have never gave any password on a page opened by a link. i always open FB by URL.

    A has no link/similarity with B and C (except number which is hidden). even name is different. totally different. even different friends, different page, different groups.

    B and are fake accounts. so no one from B and C knows the real identity of mine in those accounts.

    Now we come to the point

    someone kept an eye on my IP (I believe) and he/she messaged me on account A from his newly made fake account that

    you are the person who owns fake B and C accounts. and i was astonished and depressed at his discovery. because only I know about B and C accounts. How can he knows that I own B and C accounts ???

    He even knows about my email ids of all accounts and phone numbers associated to each account , …….. by the way, email-ids and phone are not public. And are available to me only

    I am in mental torture by this action of un safety. I believe that my privacy has been destroyed. I don’t want that anyone able to knows about my activities about my fb accounts. Hacker is using these information for blackmailing against me.

    Now I want help from you guys please regarding:
    10-A: how is it possible that he knows such a complete and 100% details about my all accounts ? and how he knows that fake accounts are belong to A ??? is this IP tracking or system tracking or something else ?

    10-B: what is the solution ? how can I prevent my system and accounts to avoid hacking attacks ??i want security. Fool proof security. I have listened that some tools are available ,, like IP lock etc which restrict hacker to hack accounts.

    10-C: how can I know about the person who hacked my information ??? I want to trace him out. His talk shows that he knows me very well and his is very close to me. (please note, consider point#3. No person can access my laptop)

    Can someone please help me in finding the answers of above THREE Questions ??? please help

    Thanks for your kind help and interest.
