How to hack a Facebook account
"How to hack a Facebook account" and "online Facebook hacker" are among the keywords searched for most these days. Throughout this (extremely long!) article, I will describe various methods by which a third party could obtain someone's Facebook account password, as well as how you can avoid getting your own Facebook account hacked.
I have been the head of IT security for a major firm for a couple of years, and in private, people tend to ask a lot of the same questions:
- Does FB hacking software really exist?
- Where can I get a free online Facebook cracker?
- I have forgotten my password. Do you know of a Facebook password finder?
- Can you teach me how to hack someone's Facebook password?
Until we developed our patented Blue Portal Facebook Password Hacker, no tool existed that could hack a Facebook account automatically. A quick web search will show you that a lot of sites offer such services; however, I can guarantee you that our Facebook password hacker is the only working one.
Most of the other sites will either ask you to fill out a survey, or even make a payment to some foreign account. Even after doing this, you will still not receive a correct username and password, since their Facebook hacker really does not work. All these fake services do is waste your time and money, and for this reason our FB password finder only asks you to make a payment once the account has actually been hacked successfully.
If you don't have any money, or simply want to learn how to hack a Facebook account on your own, then read on; in this article we will explain in detail exactly how to do that.
Before we get into too much detail, it is worth noting that the methods below are somewhat generic, which means that they will work for any social media website such as Instagram, Twitter, LinkedIn, SnapChat etc.
It should be noted that this article is strictly meant for educational purposes. We are not responsible for any mischief you might do as a consequence of reading this article.
One of the most common ways to hack not only Facebook passwords, but passwords in general, is phishing. Phishing is very popular, mainly because it is so easy to set up a phishing page. Furthermore, detecting a phishing attack is getting harder and harder despite the numerous safety efforts made by browsers such as Google Chrome and Mozilla Firefox. For example, complex schemes such as homograph phishing attacks are next to impossible for browsers and users alike to detect.
So... what is phishing?
In simple terms, phishing is the practice of replicating a popular website's layout so closely that it fools visitors into thinking it is the real site.
This allows the phisher to steal usernames and passwords from the visitor once he tries to log onto the phishing site with his real credentials.
So, in order to hack a specific person's Facebook page, you will first have to design a page that looks exactly like the login page at Facebook, but on a different domain name. For example, you could register the domain name facebook-login.com, facebo0k.com etc. Essentially any domain name that at first glance looks like facebook.com will work. The whole point of phishing is that the user clicks the phishing link from an email, forum or another medium without suspecting anything. He then enters his username and password, which are saved in the hacker's database. Once the victim clicks the log in button he is redirected to facebook.com and can simply log in again on the real site.
Some people learn better by a practical example:
A malicious hacker who wants to hack Alex's Facebook account uploads a Facebook login page to his domain faceb00k.com. The hacker then sends Alex an email telling him that he needs to change his password. The email looks like a legitimate email coming from facebook.com, so Alex happily clicks the link in the email that leads to the hacker's phishing page. Once Alex has entered his username and password, they get sent to the hacker's email and he can now proceed to log into Alex's FB account and do as he pleases.
Now, you might wonder how on earth Alex could have protected himself against the phishing attack. The main thing you can do is to never log into a page that was linked to. If you need to log into Facebook, then manually type facebook.com in your browser. This way, you never expose your login details to the hacker, since you never typed your username or password onto his site. Of course, this is very annoying in the long run; however, it is the best approach to protect your FB account against phishers.
You can also check the domain name of the URL to manually verify that the site is actually the one it pretends to be. This is generally a safe method as well; however, advanced attacks such as homograph attacks will still fool you in this case.
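The manual domain check described above can also be done in code. The following is an added example, not part of the original article: it classifies a link by its parsed hostname, using the look-alike domains named in this article as test input. The substitution table, verdict strings and the `xn--` sample label are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED = "facebook.com"   # the domain the user actually intends to visit
BRAND = "facebook"
# Constructed, non-exhaustive table of digit-for-letter swaps seen in typo domains.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(label: str) -> str:
    """Fold one hostname label to a comparison form (accents stripped, swaps undone)."""
    folded = unicodedata.normalize("NFKD", label.lower())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.translate(SWAPS)


def classify(url: str) -> str:
    # Always compare the parsed hostname, never the raw URL text: anything
    # before an "@" is user info, and the path can contain any string at all.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    labels = host.split(".")
    # Homograph domains use non-Latin letters, which appear either raw or in
    # their punycode ("xn--") form. Letter folding cannot catch them, so flag them.
    if any(l.startswith("xn--") or not l.isascii() for l in labels):
        return "suspicious-idn"
    # The brand name (after undoing swaps) anywhere outside the trusted domain.
    if any(BRAND in skeleton(l) for l in labels):
        return "suspicious-lookalike"
    return "untrusted"


if __name__ == "__main__":
    samples = [                                  # constructed sample links
        "https://www.facebook.com/login",
        "http://faceb00k.com/",
        "https://facebook-login.com/",
        "https://facebook.com.example.net/",
        "https://facebook.com@example.net/",
        "https://f\u0430cebook.com/",            # Cyrillic "a" in place of Latin "a"
    ]
    for link in samples:
        print(f"{classify(link):22} {link}")
```

A "trusted" verdict only means the hostname belongs to facebook.com; it says nothing about sites that do not imitate the brand, which is why typing the address yourself remains the stronger habit.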
Below, we have shown pictures of a couple of Facebook phishing sites. Check them out and see if you can spot the differences between those and the real site.
Even though the above site has an SSL certificate, it is not authentic. People often confuse a site having an SSL certificate with it being authentic. Obtaining an SSL certificate these days is very easy, as several services such as Cloudflare provide them completely free of charge.
While this URL does not contain HTTPS, it still looks very similar to the real Facebook domain.
This article is a work in progress, therefore we will gradually update it with new hacking methods so stay tuned.
Social engineering is yet another extremely popular and powerful method for hacking Facebook accounts. What makes this technique especially dangerous is the fact that it requires little to no technical knowledge. Any average Joe will be able to perform social engineering for FB account hacking at a basic level.
Basically, social engineering is the technique of collecting as much personal information about the person behind an account as possible. Common details are things such as the date of birth, maiden name and cities in which the target has lived; however, more specific information is also collected, such as the first pet's name, the favorite high school teacher, the favorite book etc.
So how does social engineering work?
Nowadays, the vast majority of websites include the option of resetting the password of the account in case the owner forgets it. In order to recover the password, the person needs to answer a question about a personal detail such as the ones previously mentioned. Naturally, only the account owner is supposed to know this, but if a third party gets hold of this information then he/she could effectively hack the Facebook password of the target's account.
How to make up a good security answer
Having a secure security answer is as important as having a secure password. Don't use information that is publicly known, such as the city you were born in or your mother's maiden name. Hackers can look up this information online and thus reset your password. Additionally, you might want to enable login alerts, which can be activated through the Facebook security settings and will alert you by phone or email whenever an unknown user logs into your Facebook account.
Furthermore, Facebook have recently introduced the option of choosing friends to help you log back in. In case you forget your password you can contact these friends and ask for their special codes which in turn can be used to log back into your account.
Do not use weak or obvious passwords
Security questions are only one aspect of social engineering. Another aspect is the password itself. Even if the hacker cannot guess the answer to your security question, he might be able to guess the password of the account itself, thereby "hacking" the Facebook account simply by logging in.
Just like the security answer, the password should be hard to guess and not include obvious details such as your birthday, your name, your favorite sports team etc. Keep in mind that information like this is extremely easy to look up on Facebook so you have to be extra careful when securing your account from Facebook password crackers.