Imagine someone got on the loudspeaker at the Denver International Airport and started yelling out over and over again, “my Facebook username is Johnny@gmail.com and my password is jerky123″.
Now the next day when everyone in their mom logged into his account, he would claimed he got hacked. But did he?
Guess what. Every time you are using a public wifi network, password protected or not, you are shouting to the world your username and password to every website you use that is unencrypted.
Right now, as I write this, I am sitting in the denver airport. Its pretty much dead right now. I can see maybe 100 people in the entire terminal.
I just fired up FireFox with the FireSheep extension. Within seconds I have access to various peoples Gmail, Facebook, Yahoo, Hotmail. Amazon, Hotmail, and virtually every possible service known to man.
Keep in mind FireSheep is just a Firefox plugin (Google it) that has been downloaded millions of times. This plugin is totally passive network monitoring at its easiest. Its been pre-programmed to sniff for certain usernames of passwords for pre-defined sites.
There are TONS of tools that will show you a lot more stuff.
As you can see here I accessed someones Facebook account… read some messages. Its great for passing spare time:
Google accounts are just as easy to get into using the brainless Firesheep extension. I don’t ever do anything malicious… Just maybe set people’s search results to Vietnamese or something:
If you are using a public network of any kind, wifi or not, expect many people see everything you are doing.
You didn’t just get hacked. You are yelling to anyone that can hear you your username and passwords.
So how do you become more secure? Well for starters you should always tunnel your traffic through a ssh connection, vpn, or another secure method.
But I know 99.9% of my readers probably don’t know what a VPN is much less will be able to configure one.
So lets start with the basics.
To make your Gmail account secure change this setting:
To make all your Google Searches secure use this – https://www.google.com (I set it as my homepage).
To make your Facebook surfing secure change this setting in your account preferences:
:
Any place you are not using https:// in the front of the url you are at you should expect everyone is watching what you are doing.
Keep in mind this was at a airport where nobody was using computers….
Imagine what I see at a internet conference…..
About the author...
Jeremy Schoemaker – who has written 2707 posts on ShoeMoney.com.
Jeremy "ShoeMoney" Schoemaker is the founder & CEO of the ShoeMoney Blog, Elite Retreat Internet Conference, & the PAR Program. In 2013 Jeremy released his #1 Amazon Best selling Autobiography titled "Nothing's Changed But My Change" - The ShoeMoney Story. Jeremy currently lives in Lincoln Nebraska with his wife and 2 daughters.
9 Reasons Why Your Online Business Will Fail 
How To Get People To Promote Your Stuff 
How Hackers Are Using Google To Pwn Your Site 
.jpg)
{ 112 comments… read them below or add one }
Hi
What a great article. I will go change my settings
right now.
It just gets worse and worse with identity stealing, just as it did with
viruses and spyware… we’ll probably end up loading a ton of protection software
before we can proceed with our daily tasks…
Keep up this great blog – I love it
cheers
Tina
yup u r rite tina……agree with u.
Hi my Facebook account just got hacked and the email address have been changed also. Can anyone help to advise on how to have my acct deactivated to ensure these evil bastards do not wreck havoc using my account? This is damn frustrating. I really need help
Hi bitch if someone hacked ur facebook accountmake a new account. Are u that dumb asshole.
Suck my penis
This is scary stuff. I’m going to change my settings as well. (Imaging everyone knowing what I did!) Thanks for this!
That’s interesting that you say that because I feel there has been a TON of people sending emails/facebook posts about being hacked. I feel like one girl sends the message out every single month.
Evil evil stuff. This is why I don’t like public networks. If you had larceny in your heart, you’d be dangerous!
BTW you just publicly violated Facebook’s TOS 3.5: “You will not solicit login information or access an account belonging to someone else.”
I won’ t tell….
Wow is it really that easy to do this. I am curious and I am going to give it a try.
Hacking is defined as unauthorized usage. You don’t have authorization to access these people’s accounts. Easy or not you have just admitted to the entire world that you have broken the law and have hacked these people’s accounts.
Yes the passwords and session data are being broadcast in plaintext, but admitting to using them seems a bit crazy. It is 100% illegal.
In computing, a hacker is a person in one of several distinct (but not completely disjoint) communities and subcultures: * A community of enthusiast computer programmers and systems designers, originated in the 1960s around the Massachusetts Institute of Technology (MIT)’s Tech Model Railroad …
en.wikipedia.org/wiki/Hacking_(computing)
Only thing I am curious about is why people are interested in other people facebook profiles etc.
If you learn enough about someone, you can learn their security question answer (hometown, street they grew up on, first pet, etc)
And, this this would explain how my ex always knows what I’m up to.
Which is precisely why you should always give nonsense answers to those security questions. My hometown? The moon. Street I grew up on? Sunflower seeds. First pet? Tyrannosaurus rex named Tevevision. Mother’s maiden name? Awesomesauce. It’s easy to find facts. It’s not so easy to guess nonsense.
Already using these settings and Google 2 step verification enabled but only thinking to safe my facebook account. Using https but when you have to access any aaplication you have to change back to http. this is something where i have to take care of it
But there are problems with the Facebook secure browsing and certain apps. I’ve outlined it at http://bit.ly/e6p30Z so just beware.
while reading this article my url on the top begins with http:// and not https:// how to avoid this ?
wounder if it should be https:// on all the pages i visit while browsing different website daily.
you are not exposing any personal information such as password or anything important here. so i don’t think every website needs ssl or https to be secured.
Wow thanks for the heads up on that! I consider myself to be very internet savvy and I had no clue this was so easy.
Thanks for the HOT TIPS on hacking peoples accounts!
VPN (Virtual Private Network) for those of you who don’t know how to Google. Thanks, Shoe! 
this is why public wifi scares me
This is hilarious, I constantly amazed how lackadaisical people are with there private information. Hopefully this wakes a few people up !
Thanks so much for sharing this information. I definitely went in and changed all my account settings as soon as I read this. I’ve never felt safe on public wifi networks, but I had no idea it was this easy. I’m a little curious to try this, but it’s also kinda scary that you don’t know who could be watching your every Internet move!
Note that certain applications take you away from https! They do tell you when you click them. What they do NOT tell you: The change your standard setting! So next time you enter facebook, you are back on http! So chech the url regularly, if you want to stay safe!
really helpful
thanks a lot
A definite wake-up call. Thank you, I’ll be adjusting the way I use services.
Facebook’s coming integration to payment solutions makes this issue much more serious for their accounts. Smart sniffers are building up lists of user/pass info now and waiting patiently for when they can do something useful with it.
It is scary what people can find out about you on public wifi, considering it is so easy to protect all that information. I use soke software called Remobo on my laptop that creates a instant private network. Then using a simple proxy server on my home computer I route all the traffic through Remobo to my home proxy. Every thing is then encrypted. Works for me anyways. Better to be safe than have someone get my info.
I was aware of the facebook issue, but appreciate the tips on others. thx
Thank you for the Facebook tip!
public wi fi is only good for catching up on the news. thanks for the tip though.
I feel special I belong to the 0,01%, Shoe, you made my day
Shoe,
Can you explain how you/Firesheep is able to pickup usernames/pws from gmail, amazon, yahoo, and hotmail? When I visit those sites and attempt to login it appears that I’m on an https connection…
Gmail.com: redirects to https sign-in page automatically
Hotmail.com: redirects to https sign-in page automatically
mail.yahoo.com: redirects to https sign-in page automatically
Amazon.com: is http by default, but redirects to https sign-in page if you click “Sign-in”
I was under the “assumption” that sending a user/pass via an https sign-in page was secure. So, I’m curious how you’re picking these up. Perhaps you’re getting people that are cookied, have pws saved in browser, and are just getting auto-logged-in when they visit these sites?
Would be cool if you could shed some light on this b/c I don’t want to be seeing Vietnamese search results or have a goatse Facebook avatar after the next Pubcon. :p
He didn’t get any passwords…he is just a show off…firesheep doesn’t GET the passwords, it hijacks the session cookie between you(the browser) and the site(for example facebook). The cookie DOESN’T CONTAIN THE PASSWORD… so please Shoe, explain to me how did you get the password using firesheep
Can the session cookie still be hijacked if your user/pass was entered on an https page (does https matter here)?
lol.. I haven’t heard the term goatse mentioned for years. You certainly wouldn’t want someone throwing that up on your profile.
yea I’ve seen firesheep and it’s power is crazy.
OMG, I am sooo changing everyone’s search results to Hindi or Chinese tomorrow
Is Klingon still an option? Or Elmer Fudd?
WOW!! No Way. Totally cool ShoeMoney. Thanks again for sharing your skills to pay the bills.
TEddy
Wow – Never even really put any thought into this issue before. Although I don’t access a lot of public wifi hotspots often, this is helpful in the future (considering more and more locations are getting wifi – it’s nearly everywhere these days).
On another note, I bet you had a heyday passing time this way, eh?
Hacking is illegal. I would remove this post right away as you have admitted on a public blog to hacking other peoples accounts. You are making the problem worse by telling others how to replicate the hack.
An irresponsible post.
Thank you so much for this very helpful information you got here.
This is a great post Shoe and something that would save people like myself that forgets about this security issue sometimes. Especially as an internet marketer you always wan’t your privacy and internet connection secure and free from prying eyes and hackers.
Ok, so I can thank you for hacking my account? no, just kidding.
I’ve done this before! But this was good reminder. Had to double check.
You said
“Just maybe set people’s search results to Vietnamese or something”
Wondering why you felt the need to do anything at all? That little prank might be a big deal for a newbie that may lose hours of productive time trying to figure out what the hell happened.
Just because you can, doesn’t mean you should.
Great reminder and article. We develop a false sense of safety and security. I’d never heard of that plug in either. Will make me think twice over public networks. Thanks.
Does this means security browser has the impact, and Fb server not protected as well?
I didnt have a clue it was that easy! Definitely time to change my settings.
Thanks
GREAT post I keep way too much info in gmail for it to be that easy to crack
Is this really possible.
Using wifi seems to be risky then.
Not for nothing but yes it is stupid to log into public networks with key information. That said you opening those people’s profiles and emails that are not yours is most certainly hacking. You could have written this same article without breaching people’s privacy. I have to say I have been following you a long time and found this pretty surprising.
thanks a bunch! that surely changes things.
Thank you for these tips, but it’s not enought to protect our accounts..
Wow, you can never be too careful!
Pretty nifty tool.
I was looking for where to browse with https in Google and couldn’t find it …
Hey, i would like to tell you thanks for giving us that very informative blog post. it is absolutely a to some extent interesting page.
Just found your website last night and I got to say LOVE It. keep up the great work right now iam going to go get firesheep.
Jeremy,
I’m surprised at how few people know about this.
Once I learned about it, I added the ability to make my cell phone a wifi 4G hot spot and never use public wifi’s at airports (and even hotels) to connect to the internet.
I can only imagine what you can find at Internet conferences!
Brian
make sure is is encryped and locked otherwise its no diffrent from public
If you want to help protect yourself against Firesheep go and download Blacksheep from Zscaler. It will detect if someone is tryng to hack you using Firesheep. Also follow the advice above. In addition to Facebook and Google I’d recommend setting your Twitter profile to use https as well.
This is like so fuckin’ noob…If I use something like BACKTRACk, there’s no way you’re gonna protect yourself and agian backtrack is just the beginning! Hacking tools we linux pros develop are 1000 times better than that stupid firefox plugin!
Yeah shure – theare many ways around this, not only the plugin, also there is a vpn you can buy, so your whole traffic is encrypthed, if you are in affiliate marketing, it can safe you lots of money to buy one of these
Does it work when the victim is in a different other than my network? If yes, then it’s ok. But if it doesn’t work then what should I do to hack that victim’s password?
A very helpful article, thanks!
lmao i just downloaded it! Thats funny
please hacked this account.,jowjow_obligar@yahoo.com..for my safety.tnx
omg that’s my facebook
AMGD.JMBG
So there are other ways tohack facebook lol I hope u all know that
Outstanding – I ought to certainly pronounce, impressed with your site. I had no difficulty navigating by indicates all the tabs also as linked info ended up being genuinely simple to accomplish to accessibility. I lately discovered what I hoped for ahead of you understand it whatsoever.
It is so easy indeed to hack into some accounts….
Is it bad if I want to download the firefox plugin to snoop around
I am guilty of being careless with my connections and this was a big wake up call.
Major food for thought here……. Thanks you very much Jeremy for bringing this to our attention. I spend a lot of time in public places on wifi and I cringe at the thought that someone has been “watching” me? Just changed both my Facebook and Gmail settings as instructed. Feel a bit better now. Would there be any other things people could get access to this way? Such as internet banking?
Why would anyone care about their Facebook account being hacked? What have you got hidden there? What your lame friends are saying about their noneventful lives? Hack away…
Hi Folks — hoping someone here can help me. My son’s crazy ex-girlfriend has hacked into BOTH his FB and his email. His email address is attached to his FB account, and she has changed everything so HE cannot access HIS FB account, nor can we figure out how to fix the problem because she changed the email addy attached to his FB, so doing a password reset isn’t feasible — it would just send the information to the email she has set up for his account. I tried to report as hacking in FB, but have the same issues – it will just send an email to HER. Shame on him for giving her his passwords in the first place……you’re an idiot when you’re that young and “in love”. Hahaha. Sure appreciate help from anyone out there……..cheers.
I try to keep away from public networks whenever possible but didn’t realise it was that easy for my details to be given to all and sundry.
Thanks for the info – it’s actually pathetic that we have to live our lives worrying about this sort of crap.
taaaaaaaaaaaaaaaaaaaaaaaaaaaa
taaaaaaaaaaaaaaaaaaaaaaaaaaaa
My fb account got hacked, what can I do to get it back?
Oh man… I had no idea that this was even available. I have always wondered how people were able to hack accounts. This can be pretty scary.
hacking-facebook.com premium
wow thank you for posting this i have learned lot of things ….
if you need money join here
http://www.clixsense.com/?3829618
Hey any one hack a facebook page for me? page got 6000 fans
if you can get it banned / deleted in any way ( through bulk report abuse etc ) i can give you 50 $
& if you transfer the admin i will pay you 100 $. ( also tell me how many days i will remain the admin )
If you cant do this work freely tell me you cant do as i will pay you when you got the work done.
Also tell me how i will pay you?
Thank You
Yeah You are the champ man
You could also use a VPN to encrypt your sessions. I always use http://www.sunvpn.com/ from public networks.
Hello my friend facebook account is hacked so now how may i can hack it n return to him?
Very Nice Article, thank you!!
hacked this facebook
Hi, i think that i noticed you visited my site thus i got here to go back the favor?.I am trying to find things to enhance my website!I guess its adequate to make use of some of your ideas!!
GET A LIFE
Thanks for this info-you probably saved hundreds of people from having their 411 hacked, me included. I’m going to change my own Google settings now, too, as I often use WiFi at my daughter’s gymnastics practice. Thanks again!
how r u
what is hack
Can u only download firesheep with pc or can it b done without pc iv been trying to get this addon for a minute plus winpcap but get anything done with my maxx tks
plz solve i have hake my friend facebook account
Is there any way to know who is hacking my facebook account ?
My brother recommended I might like this website. He was entirely right.
This post truly made my day. You cann’t imagine simply how much time I had spent for this information! Thanks!
I’d like to thank you for the efforts you have put in writing this site. I’m hoping to view
the same high-grade blog posts by you later on as well. In truth, your
creative writing abilities has encouraged me to get my very
own blog now
I was suggested this blog by my cousin. I’m not sure whether this post is written by him as nobody else know such detailed about my trouble. You’re amazing!
Thanks!
What a great article. Thanks a lot !
I’ve learn some excellent stuff here. Certainly worth bookmarking for revisiting. I wonder how much effort you place to create one of these wonderful informative web site.
Hi there to every body, it’s my first pay a quick visit of this webpage; this webpage includes amazing and really excellent data in favor of visitors.
This is my first time visit at here and i am really impressed to read all at single place.
Link exchange is nothing else however it is simply placing the other person’s blog link on your page at suitable place and other person will also do same in favor of you.
Great article! This is the type of information
that should be shared around the net. Shame on Google for not positioning this post upper!
Come on over and talk over with my website . Thanks =)
Thanks for finally talking about >How I hacked your Facebook
account – ShoeMoney Internet Marketing Blog <Liked it!
Hey! Do you know if they make any plugins to assist with Search
Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results.
If you know of any please share. Kudos!
Hi, I do think this is a great website. I stumbledupon it
I’m going to revisit once again since i have saved as a favorite it. Money and freedom is the greatest way to change, may you be rich and continue to help others.
Your style is very unique in comparison to other people I’ve read stuff from. I appreciate you for posting when you have the opportunity, Guess I’ll just bookmark this page.