Thursday, May 17, 2012

So You Wanna Hack Someone's Facebook

This theory's a little bit of a longshot but it can work with a little bit of luck and a little bit of the smart touch. A report indicates that with Facebook's "Three Trusted Friends" password recovery system, user accounts are actually pretty easy to hack into without knowing any sort of special code. The first step is to create three fake Facebook accounts and friend your targeted victim. This is where the luck and brains come in. You need to make sure that your victim accepts these friend requests and therefore you need to make them look like actual people that they might know. After they've accepted all three friend requests, the easy part begins. On the account login page, click the "Forgot your password" tab. That will take you to a page asking for either your email, Facebook username, or your name and a friend's name. Getting these details of your victims account is no biggie at all.
http://im.tech2.in.com/gallery/2011/jun/facebookhack_271609136116_640x360.jpg
Note the "No longer have access to these"
After this, you'll be taken to a page where you're asked to verify the account in question with a profile picture associated with the account (in this case, your victim's profile picture). A variety of ways to send a reset password will also be provided including the victim's phone number and email address. At the bottom of it all, there's an option that says, "Can't access these right now" which if you click on, takes you to the three trusted friends page. Here, you're given a list of the account holder's friends, and you choose the three friends you created. A reset password will be sent to those friends and you use that to hack into to your victim's account.

There are two flaws in this system, both of which are not too major. One, which is already mentioned, is the fact that your victim actually has to accept these friend requests. Two, when you choose the option of not having access to any of those email address, an email is sent to the victim saying that they have chosen to reset their password. They'll know that suspicious activity is going on with their account but they won't really be able to do anything since changing their password will not be effective. The most they can do is report back to Facebook that they haven't actually been trying to reset their account information.

Note: More than a how to hack someone's account, this is meant to be more of a warning. Be careful who you're accepting friend requests from and of course, respond to an email saying that you've requested to reset your password (when you haven't) immediately.

No comments:

Post a Comment