8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

HOW HACKERS HACK FACEBOOK ACCOUNT IN

MINUTES AND ITS PREVENTION
By Laxman Muthiyah - Last Modi ed : August 29, 2017

How to hack a Facebook account online?

Hacking Facebook / Facebook Hacker is one of the most searched and hot topics around the
Internet, like Gmail hacker. I have prepared a detailed list of how hackers can hack
someone’s Facebook account easily in just a few minutes and how could we prevent
the same. Online updated version of this article can be read here.

If you are here to find a way to recover hacked Facebook account, then
our facebook recovery article will definitely help you!

Being a FB whitehat hacker, I get following questions frequently from the people:

Is there any online Facebook cracker tool?

Where can I get FB hacking software from?
Is there any free Facebook password finder?
How can I hack someone’s facebook account easily?

To the best of my knowledge, there is no such tool. You won’t be able to find it anywhere.
However, if you google it, you would find many websites claiming that they are providing
free hack tool either online or offline, but you cannot download the password file without
completing a survey. Even after going through a tiresome process of completing a survey, you
get nothing in the end. These things are posted only with the intention of making money.
Don’t waste your precious time in searching such hack tool.

If you want to know how hackers can hack someone’s Facebook account, please go
ahead and read the techniques listed below. The most successful method among all of these

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 1/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

techniques is PHISHING. Phishing enables someone with no or little technical

knowledge to hack Facebook account’s password easily in just a few minutes.

Check out this phishing guide to know more about PHISHING!

Some of the techniques listed below are not applicable only to FB, rather they are applicable to
all daily used internet websites, such as Google, Twitter, Yahoo etc.

You won’t be vulnerable to hacking if

you understand how hacking works

This article is written with the aim of educating people about how hacking works
and how should they prevent it. Please don’t use these techniques for malicious
purposes.

12 ways to hack someone’s FB account |

Prevention and Safety Measures – 2017
1. Phishing
2. Social Engineering
3. Plain Password Grabbing
4. Key Logger
5. Browser Extension Facebook Hacker
6. Malicious Facebook Application Hack
7. Facebook Account Hacker Software
8. Malicious Mobile Application
9. Browser Vulnerabilities
10. Self XSS
11. Trojan Horses
12. Facebook Zero Day

1 Phishing  

Phishing is the most common technique being used for hacking FB passwords. It is very easy
for someone who is having little technical knowledge to get a phishing page done. That is why
phishing is so popular. Many people have become a victim of Phishing page due to its
trustworthy layout and appearance.

How phishing works?
In simple words, phishing is a process of creating a duplicate copy of the reputed
website’s page with the intention of stealing user’s password, or other sensitive

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 2/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

information like credit card details. In our topic, it means creating a page which perfectly
looks like Facebook login page but in a different URL like fakebook.com, or faecbook.com, or
any URL which pretends to be legit. When a user lands on such a page, he/she might think
that is real Facebook login page, asking him/her to provide his/her username and password.
So, the people who do not find phishing page suspicious might enter their username &
password. The password information will be sent to the Facebook hacker who created the
phishing page. At the same time, the victim gets redirected to original FB page.

Example : John is a programmer. He creates a FB login page with some scripts that enable him
to get the username and password information. John puts this fake login page in
https://www.facebouk.com/make-money-online-tricks. Peter is a friend of John. John sends a
message to Peter, “Hey Peter, I have found a free trick to make money online easily, you
should definitely take a look at https://www.facebouk.com/make-money-online-tricks-free”.
Peter navigates to the link and sees a Facebook login page. As usual, Peter enters his
username and password of FB.

The hacking part

Immediately, the username and password of Peter was sent to John and Peter gets redirected
to a money making tips page https://www.facebouk.com/make-money-online-tricks-tips-
free.html. That’s all; Peter’s Facebook account is hacked.

Please note that phishing can be done by a third person through emails; that is how it
happens most of the time. So always beware of phishing emails, else you may lose your
Facebook account, or credit card details, or any other sensitive data. Learn more about
phishing.

How could you protect yourself against online FB phishing?

Hackers can reach you in many ways; email, personal messages, FB messages, website ads
etc. Clicking any links from these messages would lead you to a Facebook login page.
Whenever you find a FB login page, you should note only one thing which is URL. Because
nobody can spoof / use Facebook URL except when there are some XSS zero day
vulnerabilities, but that’s very rare.

1. What is the URL you see in browser address bar?

2. Is that really https://www.facebook.com/ (Trailing slash is very important, since
it is the only separator in Google chrome to distinguish domain and sub domain.
Check out the below examples to know the difference)?
3. Is there a green color secure symbol (HTTPS) provided in the address bar?

Bearing these questions in mind should prevent you from getting hacked of online phishing
pages. Also, see the below examples of phishing pages.

Some super perfect phishing pages are listed below.

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 3/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

Facebook Phishing Page – Note the misleading URL

Most of the people won’t suspect this page (snapshot given above), since there is https prefix
with green color secure icon and there is no mistake in www.facebook.com. But, this is a
phishing page. How? Note the URL correctly. It is
https://www.facebook.com.infoknown.com. So, www.facebook.com is a sub-domain of
infoknown.com. Google Chrome does not differentiate the sub-domain and domain unlike
Firefox does.

SSL Certificates (HTTPS) can be obtained from many online vendors. A few vendors give SSL
Certificate for Free for 1 year. It’s not a big deal for a novice to create a perfect phishing page
like this. So, beware of it.

Facebook Phishing Page – Note the misleading URL.

This is a normal FB Phishing page with some modification in the word Facebook.

Do you want to make money online with zero investment? Then do read
our blogspot tutorial to know more!

2 Social Engineering
This is the second most common technique of hacking Facebook accounts. In fact, this method
shouldn’t come under Hacking, since much knowledge is not required for this method. I am
listing this method under hacking to ensure the list of most common techniques being used for
FB account hacking in their respective order. Social engineering is basically a process of
gathering information about someone, whose account you need to hack. The gathered
information includes date of birth, mobile number, boyfriend / girlfriend’s mobile number,
nickname, mother’s name, native place etc.

How Social Engineering works?

Security Question
https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 4/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

FB-Social-Engineering-Security-Question

Many websites have a common password reset option called Security Question. Most
common security questions would be:

What is your nickname?

Who is your first grade teacher?

What is your native place?

or

Any custom questions defined by user.

Obtaining such information from the respective people might let us hack into their account.
Facebook too provides security question as a password recovery option. So, if anyone gets to
know the answer of it, they could hack account using forgot password option.

Most Common and Weak Passwords

Security Question does not let you get into others FB account easily. But, setting a weak
password could easily allow any of your friends to hack your account.

What is a weak password in this scenario?

A password which can be easily guessed by a third person is called weak password.

Below are some of the most common passwords people tend to use on Facebook.

Mobile Number
Nickname / Name and Date of Birth Conjunction
Boy Friend’s Mobile Number / Girl Friend’s Mobile Number – Most of the lovers
Girl Friend’s / Boy Friend’s Name – Most of the lovers
Boy or Girl Friend Name Combination
Bike Number
Unused / Old Mobile Number
Pet Name
Closest Person Name (can be friends too)
https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 5/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

Now, be honest and comment here if you are one of the people who have any one of the
common passwords mentioned above. Don’t forget to change your password before making a
comment

How can you protect yourself from Social Engineering? 

Security Question

Don’t have a weak or familiar security question/answer. Therefore it should be

known only to you. You can set your Facebook security question here. Additionally, FB
provides an option called “Login Alerts” under Facebook Security Settings. You should add your
mobile or email there to get notified whenever your Facebook account is logged in to a new or
unknown device.

Most Common and Weak Passwords

It is very simple. Change your Facebook password now if you have any one of the weak
passwords stated above.

You might also be interested in hacking facebook fan page article

3 Plain Password Grabbing

This is another common method being used to steal Facebook user’s password. Most people
are unaware of this method, but traditional hackers use this method to hack user accounts.

How Plain Password Grabbing works? 

In this method, the Facebook hacker / attacker targets a particular low quality website, where
the victim is a member, and hacks their database to get the stored plain username & password
of victim.

How could the hacker / attacker get access to Facebook?

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 6/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

Many of us use the same password for FB and some poorxyz.com. So, it’s easy for a
Facebook hacker to get your password through the low quality poorxyz.com.

In another scenario, the Facebook hacker / attacker creates a website with the intention of
getting victim’s password. Whenever a user signs up or registers his account using email and
creates a password, those details will get stored in their database of the hacker / attacher. So,
hacker / attacker gets your email and password. Common people, who use same email and
password for these kinds of low quality websites, might end up getting their Facebook account
hacked.

How could you protect yourself from Facebook Plain Password

Grabbing? 
You should never trust third party low quality websites. Even the passwords of popular
websites, like LinkedIn, are getting hacked. So, never and ever trust third party low quality
websites.

Most of the website developers are storing plain passwords in database without even thinking
about encryption or security. This makes Facebook hackers’ job easy, since the password is
stored as plain text.

Best way to prevent this method is to have a unique password at least for websites
that you really trust. Don’t use your FB password for any other website/portal, so your
password will never get exposed.

4   Key Logger

Key logger is a software tool used to record keystrokes of a computer or mobile devices. This,
in turn, records everything you type using your keyboard and store it for

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 7/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

use. Generally, key loggers are installed as application software in operating systems to track
key strokes, but there are hardware key loggers as well.

Hardware key loggers also known as physical key loggers attached to a computer in a USB
port records everything before it sends the keyboard data to the computer. There are various
mobile key loggers, which perform the same action in various operating systems.

How Key Logging works?

All key loggers run in background (except trail versions) and won’t be viewable to users until
you know the key logger password and shortcut used to view it. It will record all the keys
pressed and give you a detailed report of when and what keys are used for what application –
Simply, a clean report to identify passwords.

Anyone who is reading the key logger logs might be able to see the Facebook password or any
passwords typed and sensitive information, like credit cards, bank username, password etc.
Whenever you login to a public computer, there are chances to get your password hacked.

Hardware key loggers could be easily identified in case of your personal computer, but is hard
in case of public computers.

In another scenario, your friend/colleague/neighbor could ask you to login using their
computer as a help. If their intention is to get your password, then you are most likely to get
your FB account hacked.

Now-a-days, many people are using mobile key loggers. It enables to track the keypad of
mobile. So, any sensitive information typed in mobile could be hacked easily.

How could you protect yourself from Key Logging?

You need not be afraid of key loggers when you use your personal computer, since you are the
only one who is going to access it. But, whenever you use any public computer or your friend’s
computer, you should not trust it.

I always suggest my friends to use On Screen Keyboard whenever they are in need to type a
password. Also, please make sure that nobody is checking your screen when you type your
password, since your screen would expose what you had typed. In windows, there is an inbuilt
tool called On Screen Keyboard that helps us to select keys using mouse.

You can open OSK by using Run dialog box. WinKey + R opens Run dialog box, type osk
and then press enter. Now-a-days, many banking portals provide a screen keyboard in
browser itself. So, please make use of it whenever you are surfing in public computers. On
Screen Keyboard helps even when hardware key loggers are installed.

5 Browser Extension Facebook Hacker

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 8/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

This method doesn’t let the Facebook hacker / attacker give complete access to your Facebook
account, however gives some power to control your account indirectly. I’ve seen multiple
Google Chrome and Firefox add-ons, which secretly perform actions, like following a person,
liking a page on behalf of your Facebook profile, etc.

How Browser extension Facebook hack works?

When you visit some malicious websites or webpages, you will be prompted to
install a browser add-on. Once you install the add-on, it will perform all the tasks described
by Facebook hacker or attacker who created it. Some primary actions are posting status
updates in your wall, liking a FB page, following a person, adding you to some Facebook
groups, inviting your friends to like a page, or join a Facebook group etc. You may not know
these things happening in your FB account except when you check your Facebook activity log
periodically.

How could you prevent browser extension Facebook hack?

You can monitor your activities using a Facebook feature called Activity Log. You should not
trust any third party websites prompting you to add a browser extension. Install add-
on only if you trust the publisher. Why should you take risk if you don’t know the publisher or
intention of the add-on? So always stay away from these malicious browser extensions.

6 Malicious Facebook Application Hack

All the apps you use in Facebook are owned by third party and not by Facebook. Of course,
there are a few exceptions like Instagram. A malicious application, which is requesting your
permission, could do almost all kind of stuffs in your Facebook profile.

How malicious Facebook application hack works?

Whenever you find Login using Facebook option in any website, you should come to know that
it is a third party Facebook application not owned by Facebook. When you click Login using
Facebook, you will be shown a permission dialog box with the requested permission details.
Once you click okay button, the requested details can be accessed from FB or the requested
actions can be performed in your FB account on your behalf.

What could a third party application do in your Facebook account?

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 9/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

Post photos and status update

Share link to your timeline or to any group you belong
Manage your page
Post on behalf of you on the Facebook pages you own
Access your personal information
Access your photos including “Only me” privacy photos; sometimes they can access your
mobile photos using a Facebook vulnerability like the one I found (Don’t worry, it’s
completely fixed now ).

These are just examples of what could be done. What if the application you are using is
malicious? It could spam your Facebook account with bunch of worthless contents.

How could you prevent yourself from malicious Facebook application

hack?
You should always be aware of what permissions you give to a Facebook application
even though FB is reviewing application’s permission requests. Don’t give permission to an
application if you don’t trust the website or application.

FB Application Permission Dialog Box

You can edit the information that you give to an application in the permission dialog box
(snapshot given above). Also, you can review the applications that have access to your
Facebook account here.

7   Facebook Account Hacker Software  

You might have seen or downloaded many Facebook account hacker software, but none of
them could truly hack Facebook password. Hacking your Facebook password is what it actually
https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 10/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

does.

How Facebook account hacker software works?

People who try to hack Facebook account usually download softwares that are available on
various websites. The software will collect the victim’s password (the one who downloaded this
software) as soon as it is opened or installed. Few softwares prompt you to enter Facebook
username and password. They will store your password in their database collection of
passwords. Few other softwares gain administrative privilege from you to install background
key logger to get your Facebook password.

How could you prevent yourself from Facebook hacking software?

Don’t trust Facebook hacking software. There is no such true hacker software available in the
Internet as I have said earlier.

8   Malicious Mobile Application  

There are a lot of mobile applications that secretly steal Facebook access token from your
mobile device. Facebook mobile app functions through API, where access-token stored in your
mobile’s internal memory is used for authentication. It is more like your username and
password. So, if someone steals your access-token, then he/she is likely to have full access to
your Facebook account.

How malicious mobile application software works?

Facebook Application Interface does not require username or password every time to get user
data. It just needs secret access-token to retrieve user’s data. Facebook mobile app stores the
access token in mobile’s memory. This app’s part of memory should be accessed only by the
application. Mobile apps that have administrative privilege can access other app’s data. For
example, gaining admin privilege in a rooted android phone could allow an application to steal
your Facebook access token. A hacker can do a lot of malicious things if he/she gets your
Facebook access token.

How could you prevent yourself from malicious mobile applications?

Install mobile apps only from trusted publishers.
Don’t root your mobile device.
Logout Facebook from your mobile device frequently to get your access token expired.
Change your Facebook password frequently.

9   Browser Vulnerabilities  

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 11/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

Browser Vulnerabilities are security bugs, which exist in older versions of mobile and desktop
browsers.

How browser vulnerabilities works in Facebook hacking?

Most browser vulnerabilities are exploited through an older version of browser, since all the
zero days are patched by browser vendor once it is reported by researchers around the world.
For example, Browser Same Origin Policy Vulnerability could allow a hacker / attacker to read
response of any Page like Facebook and could be able to perform any action in your Facebook
account, since they are able to read the response by accessing the Facebook origin. Android
Chrome SOP bypass by Rafay Baloch is one such vulnerability that is affecting Android web-
view in Android < 4.4.

How could you prevent yourself from browser vulnerabilities?

You should always update your browser and operating system once there is an
updated version available. Keeping an older version always has many risk factors involved.

Also read our how to Unblock YouTube, Facebook and other websites easily

10   Self XSS Scam  

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 12/13
8/29/2017 How Hackers Hack Facebook Account In Minutes and Its Prevention

Self XSS is also known as Self Cross Site Scripting. XSS is basically a web security
vulnerability, which enables hackers to inject scripts to web pages used by other users. What
is self XSS then? Self XSS is a kind of social engineering attack, where a victim accidentally
executes a script, thus exploiting it to the hacker.

How Facebook self XSS scam works?

In this method, hacker promises to help you hack somebody else’s FB account. Instead
of giving you access to someone else’s account, the hacker tricks you into running malicious
Javascript in your browser console that gives hacker the ability to manipulate your
account. Facebook hackers use this technique to add you in groups, add your friends to
group, post in your wall, add your friends in comments etc.

How could you prevent yourself from self XSS?

Self XSS is something that you let hackers to hack your account. So never and ever copy &
paste code given by someone in your browser, otherwise you will get your Facebook
account hacked.

11   Trojan Horses  
Trojan Horse is a malicious program, which is used to spy and control a computer by
misleading users of its true intent. Malware Trojan can also be called as Remote Key Logger,
since it records key strokes of all the applications of our computer and sends it to the hacker
online.

How Trojan Horse Facebook hacking works?

A software you think legit might be a trojan. A PDF you don’t suspect might contain a
trojan. An avi media file given by someone might be a trojan. Trojan horse runs in the
background process, collects information and send it to hacker. Trojan Horse can be sent in
any form through any medium, like pen drive, ipod, website, or email. In our topic, Trojan
records FB password that you have typed in your browser and sends it to the
Facebook hacker using Internet.

How could you prevent yourself from Trojan?

Do not
install programs from unknown online sources
play media files received from unknown source
open any kind of files downloaded from untrusted sources
insert pen drive from any suspicious people.

Have an updated anti-virus software installed in your computer.

Having an updated anti-virus software does not guarantee you to stay safe from hacking.
Basically, an anti-virus software is a collection of detected malware and viruses. Its job is to

https://www.7xter.com/2016/08/hacker-hack-facebook-prevention.html?alskjdlfkjsdklfj 13/13