What if by chance you have logged in to your Facebook account from your friend’s device but have forgotten to log out and he uses the most simplified way of hacking and changes your password forever?
You must be thinking, “Nah, that’s impossible, he cannot change my password without knowing the current password”. Well, I’m sure as hell it is possible.
UPDATE 3/12/2015 – This hack has been patched by Facebook, though this post is still good for educational purposes. You might want to have a look at our new Facebook hacking posts.
When we talk about hacking, especially in today’s world, we always think that it requires some high-level programming skills. Well, maybe it does, but when it comes to terms like “Facebook Hacking” the only thing you need is a creative mind, which you can use for the easiest ways of Social Engineering.
Today I’m going to tell you how to Hack your friend’s Facebook password without knowing his current password. What this Hack requires is –
• Like I said, ‘A Creative Mind’ for Social Engineering
• Access to the victim’s Facebook account
HACKING YOUR VICTIM’S MIND
Let’s say that you do have ‘A Creative Mind’. So all you need to do is make sure that your victim signs into his Facebook account from YOUR PC or Mobile Phone and does not log out. If I were you, I would have preferred Mobile Phone over PC. That way I can use various methods of social engineering like –
• I would make him use my cellphone to open Facebook and then after some time I would call my cell phone from some other number so that he doesn’t have time to log out. Then all I need to do is to make sure that my fake call is long enough to fade away the thought of logging out from his mind.
• If you want to use PC then all you need to do is take the mouse away from him after he enters the password (obviously using Social Engineering) and tick the “keep me logged in” button (AS SHOWN IN THE IMAGE BELOW). Then close the browser window after some time and give him some dopey reason for doing that OR you can also turn off your PC directly from the power supply (although that would damage your machine so avoid doing that). That way his account won’t be logged out even if you close the browser windows directly or turn off the PC.
NOTE: Social Engineering doesn’t mean that you should be expecting your victim to be Dumb. It means that you should always be the smartest person in the room. One way or the other you should get what you want.
CHANGING THE PASSWORD
Let’s say now you do have access to your victim’s account. So the question arises: how do I change his password? After all, Facebook does not allow you to change your password without knowing the current password. Well, what if somehow it does?
I searched the Facebook help centre for “how to change your Facebook password without current password” and found this amazing trick. I am not sure why Facebook created this service, which most of the time can be used for unethical means. This service was created by Facebook to change your account password without entering your current password in case someone has used your account without your permission and you think your account is insecure. But as the saying goes, every coin has two sides.
Here are some simple steps to follow to change the password without even knowing the current password:
1) After opening your victim’s already logged in account, open the link below.
You would see something like this:
2) Click the continue button as shown
3) Fill up the New Password and Confirm Password and hit continue
4) You can even change the email to keep the account completely out of the victim’s hands. Let’s say I don’t want to do that, so keep the email the same.
5) Facebook will ask you if anyone knows the password for the email you entered. Just tick the radio button and click continue.
That’s it. You now have complete access to his account. You can even change his email. And all he can do is get annoyed, irritated and confused when he tries to log in.
HOW TO PREVENT YOURSELF FROM SUCH ATTACKS
Social Engineering has been around for a while, and you only need to think about your surroundings and do reconnaissance on your target to figure out a way to get to information. People say, “It would never happen to me, I wouldn’t fall for something like that.” Well the scary part is that you won’t even know that you are being interrogated by the attacker.
Here are some tips that I follow to prevent myself from such attacks –
1) Don’t log in to your account from someone else’s device. If you do, just make sure you log out. The attacker will try his level best to make sure you don’t log out but you should not lose your senses.
2) Never tick the “keep me logged in” button as described earlier. You must be thinking, “I only do that when I’m on my own PC. Why would I do that when I’m not on my device?” But trust me, sometimes it becomes a habit and your reflexes make you do that even when you don’t want to. It’s Biology. You can’t help it.
3) Whenever you go to a cyber cafe, make sure you log out when you leave.
4) Let’s say that somehow you do forget to sign out of your account on a public computer or your friend’s device. What should you do then? CHANGE YOUR PASSWORD. If you are lucky, the person might be late to tamper with your account. If you change your password, Facebook will remotely log you out from all the devices that you are logged in on.
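The two server-side behaviours this post relies on, a password change that demands the current password even from a live session and a password change that logs out every other device, can be sketched as follows. This is an added example, not code from the original post or from Facebook; the `Accounts` class, its method names and the sample credentials are constructed for illustration.

```python
import hashlib, hmac, os, secrets

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:  # toy in-memory store, constructed for this example
    def __init__(self):
        self._users = {}     # name -> (salt, password hash)
        self._sessions = {}  # session token -> name

    def register(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, _kdf(password, salt))

    def _verify(self, name, password):
        salt, stored = self._users[name]
        return hmac.compare_digest(stored, _kdf(password, salt))

    def login(self, name, password):
        if name not in self._users or not self._verify(name, password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = name
        return token

    def is_logged_in(self, token):
        return token in self._sessions

    def change_password(self, token, current_password, new_password):
        name = self._sessions.get(token)
        # A live session alone is not proof of ownership: demand the current password too.
        if name is None or not self._verify(name, current_password):
            raise PermissionError("valid session and current password required")
        self.register(name, new_password)
        # Revoke every session of this account, including one left on a borrowed device.
        self._sessions = {t: n for t, n in self._sessions.items() if n != name}
        return self.login(name, new_password)

def demo():
    svc = Accounts()
    svc.register("alice", "correct horse")
    borrowed = svc.login("alice", "correct horse")  # left open on a friend's phone
    try:
        svc.change_password(borrowed, "wrong guess", "someone-elses-choice")
        blocked = False
    except PermissionError:
        blocked = True
    fresh = svc.change_password(svc.login("alice", "correct horse"), "correct horse", "new passphrase")
    return blocked, svc.is_logged_in(borrowed), svc.is_logged_in(fresh)
```

`demo()` returns whether the change attempted from the forgotten session was refused, whether that session survives the owner’s own password change, and whether the owner’s new session is valid.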
You can learn more about protecting yourself here and if you want to learn more about social engineering you can check out these guys who are amazing on www.social-engineer.org
Disclaimer: I have written this post to make people aware of the most basic forms of hacking.