xisto Community
web_designer

My Facebook Account Got Hacked!


Well, I am not quite sure, but mostly I think that my Facebook account got hacked, because I have two Facebook accounts. So when I was in my other account, I saw a link posted on my wall from my other account!!! For the first few seconds I was like this :huh: because I can't be in two places at once, right?? And later I noticed that this link is posted on my friends' wall too. So certainly it wasn't me, and my account got hacked :( And till now I didn't do anything but change my password. So any suggestions or anything else I could do?? Thanks in advance.


Hey web_designer!

Sorry to hear about this. Have you been using any applications on Facebook recently that are new and you haven't used before? If so, revoke access to the applications here: /login.php?next=https%3A%2F%2Fwww.facebook.com%2Fsettings%2F%3Ftab%3Dprivacy&_fb_noscript=1 and then click "Edit your settings" down on the bottom left, then click remove and select the applications you do not trust to remove them.

Good move changing your password. If you have not already, may I recommend also turning on login notifications by visiting here: /login.php?next=https%3A%2F%2Fwww.facebook.com%2Fsettings%3Fref%3DmbClick&_fb_noscript=1 the "change" beside account security and select "yes" and submit. This means you will get an email telling you the times when you log in in the future to prevent unauthorized access.

Good luck!

Sean


On Facebook itself there is a forgot your password link just under sign in... Click it...

Forgot your password? Enter your login email or mobile phone number below and fill the security check. If you use your email, we will send you an email with a link to reset your password. If you use your phone number, we will send you an SMS with a link to reset your password. If you have not confirmed your mobile phone number with us, you cannot use it to reset your password.

If whoever hacked your account did manage to change your email and phone no then try the have a different problem link....

If you have a different problem accessing your account, please see our Login Problems Help Page.

My email address or my Facebook account has been hacked. See our Security Help Center page here.

There just choose the above and try again....

If it's just the problem from the post you got on the other account then it's just an application you installed and there's a timer to go off every day and post loads of ads on your friends' wall... Just disable that application....

Edited by Maggot (see edit history)


It is also nice to let the Facebook admins know about this problem. I once had this 'hacked' account and it was not due to signing in to my account on a bogus site (unless the Disqus system is a bogus one, which is unlikely) or an application that was recently installed; instead, part of Facebook's API/code was compromised by a rebel application that one of my friends has. Due to the way Facebook stores login and credentials and other stuff, the viral approach of this rebel application was able to hijack my account, and changing the password never worked. They put my account under checking for 2 weeks and the problem suddenly disappeared. Pinpointing who of my 650+ friends had subscribed to the rebel application was hard. As a rule of thumb, when a sudden 'hacking' attempt is done, remove the last friend you have added. He/she may be one of the links used to compromise your account. I also develop some apps on Facebook and sad to say that Facebook lacks a solid security system and is starting to become MySpace/Friendster, where security is just a joke.


Thank you guys for your replies. @seankelly, thank you for the links you gave me. I did what you said; I forgot about the applications. Thank god you reminded me. And I checked that check box in account security. @maggot and vhortex, thank you guys for your help. I changed my password already and now I can enter my account and nothing weird has happened since then. I will keep what you said in my mind in case this happens again.


Wow it's lucky that you didn't lose your facebook account or anything like that but it looks like in this case it wasn't exactly hacked, and since you didn't mention what that link was, I can only guess that some application sent it. I have two facebook accounts too and I use one for games and other applications while the other one which I use for friends is completely clear of any sort of applications. I think it's a good idea to remove all applications from your main account and use it only for networking, while you can try out all sorts of crazy apps with your other account :) It's up to you in the end, but in this way you can relieve yourself of this sort of worries.


I think it's a good idea to remove all applications from your main account and use it only for networking, while you can try out all sorts of crazy apps with your other account It's up to you in the end, but in this way you can relieve yourself of this sort of worries.

totally agree

 

And as a program creator with Facebook apps.. I can see the whole profile of anyone who visits my application, and this application in question is not hosted on Facebook but on http://forums.xisto.com/no_longer_exists/ which is my site.

Here are the things that I can see, which surely are also available to spamming/viral programs on Facebook.

1. full name
2. birthday
3. marital status
4. join date
5. school
6. address
7. friends (sometimes they don't work and you can't write on their walls unless they also visit your application page)
8. email (sometimes it works and sometimes it does not, no idea if this is standard or just a bug)

And last, the userid, which identifies you on Facebook and was also used to get items 1-8 and has this format: 100000025xxxxxx. Basically it was your database ID and signifies how many registered before you did, which in my example says at least 25 million registered before me.

And I can write on your wall using this info without you knowing it, which of course on viral/spamming software on Facebook will contain links and text or even images that will trick your friends to visit the same application page. This is possible since Facebook uses a combination of cookie and session to maintain cross-site login.

Edited by vhortex (see edit history)



Wow thanks for letting us know about that vhortex - I always wondered what sort of info the app developer had access to. What you said has only strengthened my resolve not to let any app come near my main networking account, while I can use as many apps I like on my gaming account! :P

 

Oh, and I see that you quoted my words from the previous words but didn't use the quote tags. If you can still edit this post please do so before a mod notices ;)


Yeah, thank you vhortex for that information. It is really useful; from now on I won't use any new application. I already deleted a lot and kept only a few which I used a long time ago. Also I deleted my personal photos and set more privacy settings. Hope that will work and I won't see any more links posted on my friends' walls again.


As said earlier, uninstall applications. Plus stop using Facebook Connect as a way to connect or log in to some sites. There is a flaw with that as well these days. If applications are removed and you're still facing issues with Facebook then I suggest you avoid visiting some group pages or profiles where there are apps running with weird JS.


As said earlier, uninstall applications. Plus stop using Facebook Connect as a way to connect or log in to some sites. There is a flaw with that as well these days. If applications are removed and you're still facing issues with Facebook then I suggest you avoid visiting some group pages or profiles where there are apps running with weird JS.


I agree - using Facebook to link with other sites can be really risky if the site is not trustable. I would suggest logging out of facebook after every use so that even if we visit another site with facebook apps, they won't link to us automatically.


As said earlier, uninstall applications. Plus stop using Facebook Connect as a way to connect or log in to some sites. There is a flaw with that as well these days. If applications are removed and you're still facing issues with Facebook then I suggest you avoid visiting some group pages or profiles where there are apps running with weird JS.


Hmm, I never thought of that before, or in fact I never do it in the account I am talking about now, but it is a very reasonable idea. Thanks for mentioning that to me. I will keep it in my mind to avoid the risks and to keep my account secure.


I agree - using Facebook to link with other sites can be really risky if the site is not trustable. I would suggest logging out of facebook after every use so that even if we visit another site with facebook apps, they won't link to us automatically.

That's not really true... There isn't really a way that the people can access your Username/Password just because you use Facebook to login to their site. You could even do that in my site and there is NO way that I could access the info that is passed between Facebook, my API code and my site.

The thing I think that you should REALLY be worried about is the APPS inside FACEBOOK itself, many of them are plain EVIL and they do steal your private info and sell it to companies... That's why I rarely do those quizzes and those games... that's probably why Facebook's privacy policies are in shatters :)


Oh, and I see that you quoted my words from the previous words but didn't use the quote tags. If you can still edit this post please do so before a mod notices ;)


I was trying to edit it but I can't, strange that I can edit it now.

@deadmad7
yup correct, there is no way to steal the username and password since it is still Facebook who grants the login and not the third party website unless of course the login screen is fake.

***********
About the apps on Facebook, it looks like most of them are just being served inside a frame. Everything was being passed via API calls and dropping cookies on your computer which can then be picked up by third party websites aimed to steal the cookies. I am not viewing the cookies as evil, it is Facebook's poor security on its API libraries.

I just discovered the flaw when I accidentally posted on all the walls of 3 of my friend's friend list. It's odd since Facebook should block them but I was able to do it. Too bad that gives me bad publicity for my website and it was labeled as spam which is of course not since the posted content was about a movie and a game review summaries with links to my blog which is being served on irregular intervals to 500+ casual gamers and movie goers.

My working apps only do these things: feed RSS data via Facebook for those who want it and post a summary of a blog post on my website. Lastly, to allow Facebook users to post directly on my blog with no login, which was later on replaced by the Disqus system. My Facebook apps page only shows a dot to discourage people from subscribing to it since it was not the intended purpose. I only write to the general wall. The extra info was noticed when I did a dump of what I got from the API. Somehow, some people love to stare at the dot and try to wait for what will happen despite the notice that I will only show a dot. ;)

Facebook will only pop out the 'allow this program to.....' box when you are trying to visit the page and grant it access though this process is really optional for evil developers.


I am sorry to hear that your Facebook account got hacked, but I am sure that it is totally hacked and someone on the net has your password, because it's evident with this type of strange use of your account. You can do a lot of things and I recommend you first try to seek who or where you possibly got your account hacked, and maybe you are the victim of a social engineering trick or something, because I don't believe that your account got hacked by a trojan horse or a virus. The most possible is that you were using your account in a public place, like a cybernet internet service, and the people who work there have installed some programs like Cain & Abel, that is a program that records all the passwords used in the computer and the directions of mail of your accounts. I personally have installed this program in some place where I worked and I stole a lot of Twitter, Facebook and Hotmail accounts. I stole like 200 accounts but I got bored using them to read emails that weren't mine. So I never damaged anyone but I could steal a lot of accounts with this method. I think that you are a victim of this method maybe, or some type of social engineering, because it's very typical to hear this here in my country, where a lot of people use the public internet in a lot of places and are exposed to some simple but powerful programs like Cain & Abel and some others. Once you have determined the possible way of the hack you have to take the preventive actions and change immediately the password of your Facebook account and of your e-mail directions, because there is the possibility of being hacked from your e-mail direction and this could be the way to hack your Facebook account. So like you see, this world of hacking is very complex and we can be victims in a lot of ways of this world problem. We have to be preventive and avoid being exposed to the hackers, because believe me when I say that the hackers are closer than you think. Bye.

