
How do Facebook accounts get hacked?

Facebook is one of the most popular social media platforms, with over 2.9 billion monthly active users as of Q4 2021. However, with such a massive userbase, Facebook accounts are a major target for hackers and cybercriminals looking to steal personal information or spread malware.

According to Facebook, compromised accounts are accounts that have been “affected by unauthorized activity.” This can include getting hacked, having the login information compromised, or having malware or viruses on the device used to access Facebook. In 2020 alone, Facebook took action on over 1.3 billion compromised accounts.

So how exactly do hackers break into Facebook accounts? There are a few common methods that cybercriminals use:

Phishing and Social Engineering

One of the most common ways Facebook accounts get hacked is through phishing. Phishing is when hackers create fake login pages or emails that look like they are from Facebook in order to trick users into handing over their login credentials. They then use these credentials to access the real Facebook account.

For example, a user might receive a realistic-looking email that appears to be from Facebook, warning them that their account will be deactivated unless they click on a link to confirm their identity. However, the link actually leads to a fake login page that captures any information the user enters. Hackers can even make the address shown in the browser's address bar resemble the real Facebook URL so that the page seems legitimate.

Hackers might also use social engineering tactics, like contacting the user pretending to be Facebook support. They may ask for the password or request that the user enter a code sent to their email or phone number in order to “regain access” to their account.

These types of phishing and social engineering schemes rely on tricking users into voluntarily giving up their login information. The emails and websites can look very convincing, so it’s important for users to be wary of unsolicited requests for login details or sensitive information.
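The lookalike addresses described above can be caught mechanically before a user ever types a password. The following check is an added example, not code from the original article; the allowlist of genuine hosts and the sample URLs are constructed for illustration, and a production allowlist would come from the organisation's own policy.

```python
from urllib.parse import urlsplit

# Hosts treated as genuine for this example (an assumption, not Facebook's
# authoritative list). Anything that is not an exact match is suspect.
LEGIT_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}
BRAND = "facebook"

# Digit-for-letter substitutions commonly seen in lookalike hostnames.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def classify_url(url: str) -> str:
    """Return 'legit', 'lookalike' or 'unrelated' for a URL's destination host.

    'lookalike' covers the tricks a phishing link uses to resemble the brand:
    the brand as a subdomain of some other domain, digit-for-letter
    substitutions, internationalised (xn--) labels that may hide homoglyphs,
    and the brand placed in the userinfo part (https://facebook.com@evil.example/),
    where the real destination is whatever follows the '@'.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # .hostname is already lowercased
    if not host:
        return "unrelated"
    if host in LEGIT_HOSTS:
        return "legit"                          # exact match on the real destination
    folded = host.translate(SUBSTITUTIONS)      # faceb00k -> facebook
    if BRAND in folded:
        return "lookalike"                      # brand appears outside the real domain
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"                      # punycode label: possible homoglyph
    if BRAND in (parts.username or "").lower():
        return "lookalike"                      # userinfo trick: host comes after '@'
    return "unrelated"


def flag_phishing_links(urls):
    """Return the subset of urls that should be treated as suspicious."""
    return [u for u in urls if classify_url(u) == "lookalike"]
```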

Password Guessing

Another way Facebook accounts get compromised is through password guessing. Hackers have access to huge lists of commonly used or compromised passwords from previous data breaches. They can use automated tools to run through these word lists and attempt a login with each one.

If a user has a weak password that is short, generic, or reused across different sites, it has a higher chance of getting discovered through this password guessing technique. Hackers target accounts without two-factor authentication enabled since there is only one barrier to access – the password.

Strong, unique passwords that haven’t been part of previous breaches are much harder for hackers to crack through these guessing attacks. Enabling two-factor authentication adds an additional layer of security that protects the account even if the password is compromised.
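A password can be tested against a breach list without ever revealing the password itself, by comparing only a short prefix of its hash and matching the remainder locally. The block below is an added example, not code from the original article; the "leaked" corpus is a constructed handful of plaintexts hashed inline, standing in for a real breach list of SHA-1 hashes.

```python
import hashlib

# Constructed stand-in for a breach corpus (assumption: real lists hold SHA-1 hashes).
_LEAKED_PLAINTEXTS = ["password", "123456", "qwerty", "letmein", "facebook1"]


def _sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Index the corpus by the first five hex characters of each hash. That is the
# shape a prefix ("range") query returns: all suffixes sharing one prefix.
LEAKED_INDEX: dict = {}
for _p in _LEAKED_PLAINTEXTS:
    _h = _sha1_upper(_p)
    LEAKED_INDEX.setdefault(_h[:5], []).append(_h[5:])


def range_lookup(prefix: str) -> list:
    """Return every hash suffix sharing the 5-character prefix.

    The prefix is the only thing the checker ever discloses, so neither the
    full hash nor the password leaves the caller.
    """
    return LEAKED_INDEX.get(prefix.upper(), [])


def is_breached(password: str) -> bool:
    """True if the password's full hash is found among the prefix's suffixes."""
    h = _sha1_upper(password)
    return h[5:] in range_lookup(h[:5])


def password_check(password: str, min_length: int = 12) -> list:
    """Return the reasons a password should be rejected (empty if it passes)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if is_breached(password):
        problems.append("appears in a breach list")
    return problems
```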

Malware and Spyware

Malware and spyware pose another threat when it comes to account hacking. This type of software can get installed on a user’s device without their knowledge, through infected links or files. Once installed, it can sit in the background monitoring activity and data.

Keyloggers are one type of malware that logs keystrokes as a user types, capturing sensitive information like passwords and credit card numbers. Spyware apps may look for login sessions and grab usernames and passwords. Some malware will even search for Facebook session cookies on the device that can allow a hacker to impersonate the account.

If a device is compromised by malware, hackers may be able to directly hijack the Facebook session or collect account information that enables them to access or impersonate the account on another device.

Third-Party App Permissions

Granting permission to third-party Facebook apps also opens up an avenue for hackers. When users allow an app access to their Facebook account, they are providing the app with the ability to access profile data, post updates, and read messages.

Malicious apps take advantage of these permissions to steal information or take over accounts. Even well-intentioned apps can expose data if they have security flaws that get exploited. Users should be cautious and limit the permissions given to apps that don’t come directly from Facebook.

Facebook has over 10 million developers building apps for their platform. Reviewing permissions and making sure only trusted apps have access is an important step to securing accounts.

SIM Swapping

SIM swapping is a technique hackers employ to bypass two-factor authentication security on accounts. With two-factor authentication, the user has to enter a code sent to their phone via text message in addition to their password when logging in from a new device.

But with SIM swapping, the hacker is able to transfer the victim’s phone number onto a new SIM card that they control. When the user tries to log in, the two-factor authentication code is sent to the hacker’s device instead of the real user’s phone. This allows them to access and take over the account.

By combining SIM swapping with phishing or malware attacks to steal the account password, hackers can circumvent most standard account protections. Users should be cautious of anyone attempting to obtain personal details or account information that could enable a SIM swap.

Compromised Machines or Networks

Public or shared computers that are already infected with malware enable hackers to access entered account details and login sessions. Unsecured public WiFi networks can also put accounts at risk if the connection is intercepted and account activity is monitored.

Companies that suffer network breaches may also unintentionally expose customer account credentials that get harvested by hackers. Facebook compels companies that access Facebook data to strengthen security and avoid situations that could lead to stolen credentials.

Practicing safe browsing and computing habits provides protection against these types of attacks. Avoid using public computers or networks when accessing accounts. Use a VPN if accessing accounts on shared networks.

Physical Access to Devices

If someone gains physical access to a logged-in device, they may be able to access Facebook accounts without needing the password. This underscores the importance of locking devices when not in use and enabling automatic lock settings.

Hackers with physical device access can install malware, access browser sessions and cookies, connect devices for syncing, or enable new authentication methods. Unattended devices should always be secured and protected.

Facebook Account Recovery Abuse

Facebook provides account recovery options in case users forget their password or lose access. However, hackers can abuse these account recovery processes by providing false information to gain access to accounts that aren’t theirs.

For example, if a hacker knows some basic personal info about their target, they may attempt to reset the password by spoofing device identifiers, recent locations, contacts and more. Secure accounts should utilize two-factor authentication to prevent account recovery abuse.

Facebook Employees or Insiders

Rogue Facebook employees or insiders with access to Facebook systems could alter account credentials or settings to take over accounts. However, Facebook maintains that they have strict access controls and monitoring to make such account hijacking highly unlikely by internal personnel.

Nonetheless, any company with access to vast amounts of user data could have malicious insiders that abuse their privileges. Accounts should still be secured against outside access, even from sources within Facebook.

Targeted Attacks

High profile accounts like politicians, celebrities, or wealthy users may face more targeted and persistent hacking attempts. These attacks may combine phishing, social engineering, password guessing, malware and account recovery abuse specifically tailored to gain access to the target account.

For example, hackers may research information about the target to craft a convincing phishing message or answer security questions. The payoff of accessing a high value target’s account provides incentive for hackers to invest significant time and effort into customized social engineering.

Accidental Exposure

Sometimes account credentials get exposed accidentally rather than maliciously. Users may accidentally type their Facebook password into the wrong website which could expose it or reuse the same password on multiple sites. If one site gets breached, accounts on other sites are then vulnerable.

Downloading apps or files from unofficial sources can also introduce malware that captures entered passwords or other account activity. While not a hacking attempt per se, accidental password and account exposures do present risks. Using unique passwords and installing apps from trusted sources can help avoid inadvertent account compromises.

FB Purity Browser Extension Hack

In December 2018, hackers compromised the FB Purity browser extension for Chrome and Firefox. FB Purity provides customized filtering and features for Facebook. Since it has full access to accounts when installed, the malicious code introduced in the hacked extension versions allowed hackers to steal cookies and login credentials.

Over 100,000 users had the hacked extension installed. This demonstrates the risks associated with granting full account access to browser extensions. Only install reputable extensions from verified developers and pay close attention to extension permissions.

Prevention Tips

Here are some key tips to help prevent Facebook account hacking:

  • Use a strong, unique password that hasn’t been associated with other breaches.
  • Enable two-factor authentication for added login protection.
  • Be wary of unsolicited emails and links asking for account details or directing to odd URLs.
  • Avoid entering account credentials on public computers or unsecured WiFi networks.
  • Install anti-virus and anti-malware software to detect threats.
  • Limit app permissions so third parties have minimal account access.
  • Monitor login locations and secure recovery options.
  • Lock devices when not in use to prevent unauthorized physical access.

Recovery Steps if Hacked

If a Facebook account is hacked, here are some steps to regain access:

  1. Use Facebook’s account recovery process to reset the password. Verify account ownership through confirmation codes or recovery contacts.
  2. Remove any unauthorized apps linked to the account in the App Dashboard.
  3. Check past posts and activity for anything unusual posted by the hacker and delete it.
  4. Enable Login Approvals with two-factor authentication if not already activated.
  5. Update the account password to a new strong and complex password.
  6. Log the account out of all other logged-in devices to revoke their sessions.
  7. Submit copies of ID to Facebook to prove account ownership if recovery fails.

The quicker unauthorized changes can be discovered and reverted, the less opportunity hackers have to do damage or gain information. Make the account more secure for the future by adding authentication protections, changing the password, and removing unauthorized app access.

Conclusion

Facebook accounts are prime targets for hackers due to the vast amount of private data they contain and the prevalence of users on the platform. While Facebook has advanced security controls, vulnerabilities still exist through phishing, malware, password guessing, accidental exposures and abuse of recovery processes.

By being cautious around unsolicited links and requests for information, using strong login credentials, limiting app permissions, enabling two-factor authentication, and watching for unauthorized activity, users can secure accounts from the most common hacking threats.

No security is foolproof, but Facebook provides tools to regain account control if hacked and minimize potential long-term impacts through rapid response. Staying vigilant about new hacking techniques and keeping account protections updated is key to staying ahead of cybercriminals looking to exploit the platform and its billions of users.