Hack a Facebook account
Let's get started...
Start hacking a Facebook account by using our interactive wizard. We have been in business since 2014, generally hack 3 out of 4 accounts(72 %) and strive to provide as intuitive a service as possible.
Start hacking a Facebook account by using our interactive wizard. We have been in business since 2014, generally hack 3 out of 4 accounts(72 %) and strive to provide as intuitive a service as possible.
Want to learn exactly how our process works before getting into it yourself? You're in luck because we have created a tutorial that describes EXACTLY the steps needed to hack a Facebook account.
How to hack a Facebook account easily or online Facebook hacker are some of the keywords that are searched for most these days. Throughout this (extremely long!) article, I will describe various methods on how a third party could have someones Facebook account password as well as how you can avoid getting your own Facebook account hacked.
I have been the head IT security for a major firm for a couple of years, and in private, people tend to ask a lot of the same questions:
Until we developed our patented Blue Portal Facebook Password Hacker, no tool existed that could hack a Facebook account automatically. A quick web search will show you that a lot of sites offer such services, however, I can guarantee you that our Facebook password hacker is the only working one.
Most of the other sites will either ask you to fill out a survey, or even make a payment to some foreign account. Even after doing this, you will still not receive an incorrect username and password since their Facebook hacker really does not work. All these fake services do is waste your time and money and for this reason, our FB password finder only asks you to make a payment once the account has actually been hacked successfully.
If you don't have any money, or simply want to learn how to hack a Facebook on your own then read on; in this article we will explain in detail exactly how to do that.
Before we get into too much detail, it is worth noting that the methods below are somewhat generic which means that they will work for any social media website such as Instagram, Twitter, LinkedIn, SnapChat etc.
One of the most common ways to hack not only Facebook passwords, but passwords in general is by phishing. Phishing is very popular, mainly because it is so easy to set up a phishing page. Furthermore, detecting a phishing attack is getting harder and harder despite the numerous safety efforts done by browsers such as Google Chrome and Mozilla Firefox. For example, complex schemes such as homograph phishing attacks are next to impossible to detect by browsers and users alike.
So, in order to hack specific persons Facebook page, you will first have to design a page that looks exactly like the login page at Facebook, but on a different domain name. For example, you could register the domain name facebook-login.com, facebo0k.com etc. Essentially any domain name that at a first glance looks like facebook.com will work. The whole point of phishing is that the user clicks the phishing link from an email, forum or another media without suspecting anything. He then enters his username and password which is saved in the hackers database. Once the victim clicks the log in button he is redirected to facebook.com and can simply log in again on the real site.
A malicious hacker who want to hack Alex' Facebook account uploads a Facebook login page to his domain faceb00k.com. The hacker then sends Alex an email telling him that he needs to change his password. The email looks like a legitimate email coming from facebook.com so Alex happily clicks the link in the email that leads to the hackers' phishing page. Once Alex has entered his username and password it gets sent to the hackers email and he can now proceed to log into Alex FB account and do as he pleases.
Now, you might wonder how on earth Alex could have protected himself against the phishing attack. The main thing you can do is to never log into a page that was linked to. If you need to log into Facebook then manually type facebook.com in your browser. This way, you never expose your login details to the hacker since you never typed your username or password onto his site. Of course, this is very annoying in the long run however it is the best approach to protect your FB account against phishers.
You can also check the domain name of the URL to manually verify that the site is actually the one it pretends to be. This is generally a safe method as well, however advanced attacks such as homograph attacks will still fool you in this case.
Below, we have shown pictures of a couple of Facebook phishing sites, check them out and see if you can spot the differences between those and the real site.
Even though the above site has an SSL certificate, it is not authentic. People often confuse a site having an SSL certificate with it being authentic. Obtaining an SSL certificate these days is very easy as several services such as CloudFlare provide them completely free of charge.
While this URL does not contain HTTPS, it still looks very similar to the real Facebook domain.
This article is a work in progress, therefore we will gradually update it with new hacking methods so stay tuned.
This is yet another extremely popular and powerful method for hacking Facebook accounts. What makes this technique especially dangerous is the fact that it requires little to no technical knowledge and this is the main example on how to hack someones Facebook password for free. Any average Joe will be able to perform social engineer for FB account hacking at a basic level.
Basically, social engineering is the the technique of collecting as much personal information about the person behind an account as possible. Common details are stuff such as the date of birth, maiden name and cities whom the target has lived in; however more specific information is also collected such as the first pet name, the favorite highschool teacher, the favorite book etc.
Nowadays, the vast majority of websites include the option of resetting the password of the account in case the owner forgets it. In order to recover the password, the person needs to answer a question about a personal detail such as the ones previously mentioned. Naturally, only the account owner is supposed to know this but if a third party gets hold of this information then he/she could effectively hack the Facebook password of the targets' account.
Having a secure security answer is as important as having a secure password. Don't use information that is publicly known such as the city you were born in or your mothers maiden name. Hackers can look up this information online and thus reset your password. Additionally you might want to enable login alerts which can be activated through the Facebook security settings which will alert your through phone or email whenever an unknown user logs into your Facebook account. Furthermore, Facebook have recently introduced the option of choosing friends to help you log back in. In case you forget your password you can contact these friends and ask for their special codes which in turn can be used to log back into your account.
Security questions are only one aspect of social engineering. Another aspect is the password itself. Even if the hacker cannot guess the answer to your security question he might be able to guess the password of the account itself and therby "hacking" the Facebook account simply by logging in.
Just like the security answer, the password should be hard to guess and not include obvious details such as your birthday, your name, your favorite sports team etc. Keep in mind that information like this is extremely easy to look up on Facebook so you have to be extra careful when securing your account from Facebook password crackers.
One of the primary reasons people use social engineering is because it is one of the best examples on how to hack a facebook account password without downloading anything since the hacker can do it by simply messaging the victim.
While it isn't impossible to hack a Facebook password without software, it certainly is cumbersome. Therefore, if you are already a skilled hacker then you might be better off targeting a third party website that the target is already a member of. Your best option is to target a poor quality website since they tend to not sale or hash the passwords and simply store them in plaintext in the database.
The reason why this often works is due to the fact that the vast majority of internet users tend to reuse the same password for all their online accounts. Thus, if you can hack the password which the target used on a third party site then it is very likely that you just got the password of the victims Facebook account as well.
In order to find other sites that the target is using, try searching on Google for their name, interests or local communities that he/she might be a member of.
If you were unable to find/hack any third party sites that the victim is a member of, you might be better off creating your own third party website. If the target is interested in horses, create a local horse forum/community and invite him to join. Most likely he'll join and use his Facebook password to sign up. Now, simply look in your sites database and grab the password he signed up with and try logging onto Facebook by using it. If you're in luck, it will work and you have effectively hacked a Facebook account.
The first rule of thumb is to never trust low quality websites. You don't know who owns them, nor do you know how secure they truly are, regardless of whether or not they are using HTTPS.
The fact is, however, that even large legitimate sites are being hacked nowadays which demonstrates that you don't even have to know how to hack an FB account without the password to hack it. Linkedin and Twitter both got hacked a couple of years back so the truth of the matter is that there doesn't exist a "safe" location for your passwords.
The best way to handle this is to use a unique password for every single site you are a member of. This way, even if a site gets hacked it doesn't compromise the other sites you are a member of.
You might be scratching your head, worrying about having to remember 20 different password now. However, if you use a password manager you won't have to. A password manager is effectively a tool that securely stores your passwords and automatically logs you into whatever website you want to log into. Therefore you won't have to remember a single password. There are a lot of password managers out there, backed by different providers such as Kaspersky etc. Pick the one you like and stick to it.
Keylogging is the practice of logging keystrokes on a computer or smart phone and sending these logs to yourself to access.
Naturally, a keylogger runs as a background process and is thus invisible to the common user. Keyloggers function in different ways but generally they record every keystroke and send a report of those keystrokes to an email every X minutes. Nowadays, a lot of keyloggers are also able to log which program the keystrokes was typed into (eg. a browser) and even what website (eg. www.facebook.com). This means that if you log onto Facebook with a computer that has a keylogger installed, you will effectively send your login username and password to the owner of the keylogger. He can then log in to your account and have thus effectively hacked the Facebook account.
The hacker could also ask you to log in to your Facebook account on their computer on which they already have installed a keylogger. The same is possible for mobile phones.
If you are logging into your Facebook account from your personal PC then you shouldn't have to worry about getting keylogged. This is of course assuming you have an updated anti virus and haven't been infected by a third party.
If you, however, are logging into your Facebook account on another persons computer then you should definitely be careful since that computer could be infected, knowingly or unknowingly by the owner.
In this case, an on screen keyboard is a great solution that allows you to enter your password just like a physical keyboard would. An on screen keyboard will however not be logged by a keylogger since you enter keys by pressing buttons on the screen. You can access it through windows by pressing the WinKey + R or through your browser (most popular browsers have a built in on screen keyboard).
Unlike most other ways to hack a Facebook account that we have mentioned here, this method does not exactly hack the Facebook account by gaining complete control of the account but it does show how to hack someones Facebook messages for free. It generally gives the hacker access to a set of predefined actions such as liking and posting content.
Like most people, you have probably experienced being able to log into a site through your Facebook account. The thing is; you are actually logging in through a third party Facebook app that is not owned by Facebook itself. When you log in through a third party app for the first time, you will generally have to grant the application a set of permissions. These permissions can range from the application being able to view your friend list to posting comments on your behalf.
Here's a list of some of the more common actions that FB applications can be granted:
Of course in general, there are perfectly valid reasons to why an application needs to be able to post comments and updates on your behalf. The issue is however the minority of the applications which request this stuff in order to spam you and your friends.
Imagine this scenario:
You have granted an application the permission to share links on your account. However, unlike what you think, the application starts sharing all sorts of unrelated links on your accounts without you knowing about it. In this case, it might be a method for the application to spread itself to your friends accounts and thus forward.
Always be aware of which permissions you grant an application. Furthermore, be critical in regards to the reasons why the application needs rights to perform the actions it requests access to.
For example, it seems reasonable that a blogging platform would request access to share links on your Facebook wall (since you might want to share your blog posts on your Facebook wall), however, if a website that asks you to simple use Facebook to login requests these permissions than it might be due to malicious intent. A Facebook application should never request more permissions than those it needs, therefore never grant an app more permissions than you deem necessary.
While most people are very careful about installing programs on their PC, many tend to have a very lax atitude towards installing mobile phone apps.
If a company told you to install their app to get a discount, wouldn't you? And why not - Apple keeps their eyes on them... right?
The truth of the matter is that neither Apple nor Google can investigate every single line of code for every app the allow in their app stores. For this reason, hackers can release apps that steal your Facebook session tokens and transfer them right back to the hacker.
Once the hacker has the access tokens he can inject them in a browser and will not even have to log onto your Facebook account to access it. In fact, all he needs to do is to browse to www.facebook.com and he will be logged in to your account and that is really how to hack someones Facebook account in a simple way.
Much like software, you should exercise caution when downloading an app. Here are some pointers which, if followed, should keep your Facebook account secure.
A lot of hackers release malicious "Facebook hacking software" which they promote as being able hack a Facebook account password with the click of a button. The thing is; the developers are not exactly lying when they claim that they can hack Facebook passwords. The only drawback is the fact that it is YOUR FB password that gets hacked.
The software can hack your Facebook password in multiple ways:
The simplest way is to simply not download the software at all. In general these tools do not work. However, if you are uncertain then the best thing to do is generally to check out the reviews online. Any reputable Facebook hacker will have a Facebook page with reviews (just like Blue Portal do). Glance through the reviews and see if the overall consensus is that it is a scam or that it actually works.
Our best advice is really just to only use reputable online Facebook hackers like Blue Portal.
A hole in a browser's security is also known as a browser vulnerability. Generally, only older versions of browsers are vulnerable to browser exploits since the browser developers generally patch any issues as soon as they are made public.Loads of different subcategories of browser vulnerabilities exists and we are not going to explain exactly how each individual exploit works, but we are going to cover a few noteworthy:
In general, browsers recpect the same origin policy which limits responses to being read from only the same domain as the request came from. However, if a browser was to ignore the policy it would be possible for a hacker to request your Facebook settings page (from any domain) and then read the response and see your recovery email, secret questions, phone number etc.
We will cover this in detail in a later section.
Cross site request forgery is an attack that allows the attacker to execute unauthenticated actions on another web server. For example, an attacker could request an email change of your Facebook account or even send messages to your friends on your behalf. Sites actively combat this exploit by requiring an anti CSRF token for every request.
You can protect yourself against browser exploits by simply keeping your browser updated at all times. This is easy since most browsers update automatically whenever a new update is issued.
Often times, the hacker promises the victim that by running the code he'll be able to hack a Facebook account, view hidden Facebook messages or whatever else he want to do.
Once the hacker has access to your Facebook cookies he can do everything with your account including messaging people, adding friends, changing your settings and making posts on your wall.
Protecting against this FB hack is very easy. Simply never paste anything into your console, regardless of what the third party promises.
Trojan horses are malware that can control a victims computer, steal his passwords and see everything that is going on at his computer. Think of a trojan horse as an advanced keylogger. It can steal passwords just like a keylogger but it features an array of more advances features as well.
If you have been infected with a trojan horse then everything you do can be seen by the hacker. Whenever you log into Facebook he can view your username and password and even use your IP to log into your Facebook account himself (thus bypassing any IP restrictions from Facebook). For this very reason, a trojan horse is one of the most effective ways to hack a Facebook account since Facebook account restrictions doesn't help.
Obviously, the hacker will not advertise to you that he has installed a trojan horse on your computer. Often times it was installed along with a legitimate piece of software (a software bundle) thus the victim is infected with a trojan horse without even knowing it.
It is very important to realize that even if you follow the above tips, you will not be safe. No anti virus is bulletproof and it is relatively easy for a hacker to develop a new piece of malware that is undetectable by malware scanners. Therefore exercise extreme caution whenever you run a program you haven't ran before.
In general, Facebook tries its best to protect its users from being hacked from people who know how to hack into Facebook. However, every now and then a new exploit is discovered that penetates the system since Facebook is unaware of the exploit.
Zero day exploits is the opposite of patched exploits. When a zero day exploit is discovered, it is either reported straight to Facebook (and the hacker is generally rewarded a bounty using the Bug bounty Program).
If the hacker who discovers the exploit is blackhat then he might not want to disclose the exploit with Facebook. In this case he could hack a bunch of Facebook accounts and use them for his own good in order to spam other users and possibly earn even more money than what is being offered in the bug bounty program.
To be honest there is absolutely nothing you can do to protect yourself against a zero day exploit. Lucily zero day exploits are very rare so zero day hacks are in fact the least of your worries. Facebook are quite experienced in securing their site so newly found exploits generally don't work for too long.