How I hacked your Facebook account

by Jeremy Schoemaker on March 8, 2011 · 119 comments

Imagine someone got on the loudspeaker at the Denver International Airport and started yelling out over and over again, “my Facebook username is Johnny@gmail.com and my password is jerky123″.

Now the next day when everyone in their mom logged into his account, he would claimed he got hacked. But did he?

Guess what. Every time you are using a public wifi network, password protected or not, you are shouting to the world your username and password to every website you use that is unencrypted.

Right now, as I write this, I am sitting in the denver airport. Its pretty much dead right now. I can see maybe 100 people in the entire terminal.

I just fired up FireFox with the FireSheep extension. Within seconds I have access to various peoples Gmail, Facebook, Yahoo, Hotmail. Amazon, Hotmail, and virtually every possible service known to man.

Keep in mind FireSheep is just a Firefox plugin (Google it) that has been downloaded millions of times. This plugin is totally passive network monitoring at its easiest. Its been pre-programmed to sniff for certain usernames of passwords for pre-defined sites.

There are TONS of tools that will show you a lot more stuff.

As you can see here I accessed someones Facebook account… read some messages. Its great for passing spare time:

Google accounts are just as easy to get into using the brainless Firesheep extension. I don’t ever do anything malicious… Just maybe set people’s search results to Vietnamese or something:

If you are using a public network of any kind, wifi or not, expect many people see everything you are doing.

You didn’t just get hacked. You are yelling to anyone that can hear you your username and passwords.

So how do you become more secure? Well for starters you should always tunnel your traffic through a ssh connection, vpn, or another secure method.

But I know 99.9% of my readers probably don’t know what a VPN is much less will be able to configure one.

So lets start with the basics.

To make your Gmail account secure change this setting:

To make all your Google Searches secure use this – https://www.google.com (I set it as my homepage).

To make your Facebook surfing secure change this setting in your account preferences:

:

Any place you are not using https:// in the front of the url you are at you should expect everyone is watching what you are doing.

Keep in mind this was at a airport where nobody was using computers….

Imagine what I see at a internet conference…..

full disclosure

About the author...

– who has written 2855 posts on ShoeMoney.com.

Jeremy "ShoeMoney" Schoemaker is the founder & CEO of the ShoeMoney Blog, Elite Retreat Internet Conference, & the PAR Program. In 2013 Jeremy released his #1 Amazon Best selling Autobiography titled "Nothing's Changed But My Change" - The ShoeMoney Story. Jeremy currently lives in Lincoln Nebraska with his wife and 2 daughters.


Jason recommends you check out these amazing posts:

  1. Google Adsense Check The Adsense Check for $132,994.97
  2. eqraid12 I Am A Recovering Addict of MMORPG Games
  3. par program 99designs From the Top Designers’ Perspectives

{ 119 comments }

1 Tina Lindgren

Hi
What a great article. I will go change my settings
right now.
It just gets worse and worse with identity stealing, just as it did with
viruses and spyware… we’ll probably end up loading a ton of protection software
before we can proceed with our daily tasks…

Keep up this great blog – I love it :-)

cheers
Tina

2 Akshay

yup u r rite tina……agree with u.

Shoemoney 3 E.c

Hi my Facebook account just got hacked and the email address have been changed also. Can anyone help to advise on how to have my acct deactivated to ensure these evil bastards do not wreck havoc using my account? This is damn frustrating. I really need help

4 a.

Hi bitch if someone hacked ur facebook accountmake a new account. Are u that dumb asshole.

Shoemoney 5 Ankit

Suck my penis

6 Shahid khan

Confermation my email account and password ,send me sms in my inbox.help me activate my email account .

7 Jen

This is scary stuff. I’m going to change my settings as well. (Imaging everyone knowing what I did!) Thanks for this!

8 dave

That’s interesting that you say that because I feel there has been a TON of people sending emails/facebook posts about being hacked. I feel like one girl sends the message out every single month.

9 Hotdogman

Evil evil stuff. This is why I don’t like public networks. If you had larceny in your heart, you’d be dangerous!

BTW you just publicly violated Facebook’s TOS 3.5: “You will not solicit login information or access an account belonging to someone else.”

I won’ t tell….

10 Brian P

Wow is it really that easy to do this. I am curious and I am going to give it a try.

11 Harry

Hacking is defined as unauthorized usage. You don’t have authorization to access these people’s accounts. Easy or not you have just admitted to the entire world that you have broken the law and have hacked these people’s accounts.

Yes the passwords and session data are being broadcast in plaintext, but admitting to using them seems a bit crazy. It is 100% illegal.

12 Liam

In computing, a hacker is a person in one of several distinct (but not completely disjoint) communities and subcultures: * A community of enthusiast computer programmers and systems designers, originated in the 1960s around the Massachusetts Institute of Technology (MIT)’s Tech Model Railroad …
en.wikipedia.org/wiki/Hacking_(computing)

13 Funny Stuff

Only thing I am curious about is why people are interested in other people facebook profiles etc.

14 Skrull

If you learn enough about someone, you can learn their security question answer (hometown, street they grew up on, first pet, etc)

15 CG

And, this this would explain how my ex always knows what I’m up to.

16 Goldfish

Which is precisely why you should always give nonsense answers to those security questions. My hometown? The moon. Street I grew up on? Sunflower seeds. First pet? Tyrannosaurus rex named Tevevision. Mother’s maiden name? Awesomesauce. It’s easy to find facts. It’s not so easy to guess nonsense. ;)

17 Vivek Parmar

Already using these settings and Google 2 step verification enabled but only thinking to safe my facebook account. Using https but when you have to access any aaplication you have to change back to http. this is something where i have to take care of it

18 Just Some Guy

But there are problems with the Facebook secure browsing and certain apps. I’ve outlined it at http://bit.ly/e6p30Z so just beware.

19 sundeesh

while reading this article my url on the top begins with http:// and not https:// how to avoid this ? :D

wounder if it should be https:// on all the pages i visit while browsing different website daily.

20 Ashish Patel

you are not exposing any personal information such as password or anything important here. so i don’t think every website needs ssl or https to be secured. :)

21 Trent

Wow thanks for the heads up on that! I consider myself to be very internet savvy and I had no clue this was so easy.

22 Backoffice Bob

Thanks for the HOT TIPS on hacking peoples accounts! :) VPN (Virtual Private Network) for those of you who don’t know how to Google. Thanks, Shoe! :)

23 Todd

this is why public wifi scares me

24 OJQ Jeff

This is hilarious, I constantly amazed how lackadaisical people are with there private information. Hopefully this wakes a few people up !

25 Alexander | Legit Make Money Online

Thanks so much for sharing this information. I definitely went in and changed all my account settings as soon as I read this. I’ve never felt safe on public wifi networks, but I had no idea it was this easy. I’m a little curious to try this, but it’s also kinda scary that you don’t know who could be watching your every Internet move!

26 Lovey

Note that certain applications take you away from https! They do tell you when you click them. What they do NOT tell you: The change your standard setting! So next time you enter facebook, you are back on http! So chech the url regularly, if you want to stay safe!

27 eddy

really helpful
thanks a lot :)

28 Kirk Taylor

A definite wake-up call. Thank you, I’ll be adjusting the way I use services.

29 Korak

Facebook’s coming integration to payment solutions makes this issue much more serious for their accounts. Smart sniffers are building up lists of user/pass info now and waiting patiently for when they can do something useful with it.

30 John Tucker

It is scary what people can find out about you on public wifi, considering it is so easy to protect all that information. I use soke software called Remobo on my laptop that creates a instant private network. Then using a simple proxy server on my home computer I route all the traffic through Remobo to my home proxy. Every thing is then encrypted. Works for me anyways. Better to be safe than have someone get my info.

31 Advo Girl

I was aware of the facebook issue, but appreciate the tips on others. thx

32 Stop Survey Calls

Thank you for the Facebook tip!

33 Ed from htmlpress.net

public wi fi is only good for catching up on the news. thanks for the tip though.

34 Backlink Checker

I feel special I belong to the 0,01%, Shoe, you made my day

35 Garrett

Shoe,

Can you explain how you/Firesheep is able to pickup usernames/pws from gmail, amazon, yahoo, and hotmail? When I visit those sites and attempt to login it appears that I’m on an https connection…

Gmail.com: redirects to https sign-in page automatically
Hotmail.com: redirects to https sign-in page automatically
mail.yahoo.com: redirects to https sign-in page automatically
Amazon.com: is http by default, but redirects to https sign-in page if you click “Sign-in”

I was under the “assumption” that sending a user/pass via an https sign-in page was secure. So, I’m curious how you’re picking these up. Perhaps you’re getting people that are cookied, have pws saved in browser, and are just getting auto-logged-in when they visit these sites?

Would be cool if you could shed some light on this b/c I don’t want to be seeing Vietnamese search results or have a goatse Facebook avatar after the next Pubcon. :p

36 Andrei Buiu

He didn’t get any passwords…he is just a show off…firesheep doesn’t GET the passwords, it hijacks the session cookie between you(the browser) and the site(for example facebook). The cookie DOESN’T CONTAIN THE PASSWORD… so please Shoe, explain to me how did you get the password using firesheep

37 Garrett

Can the session cookie still be hijacked if your user/pass was entered on an https page (does https matter here)?

38 Mark

lol.. I haven’t heard the term goatse mentioned for years. You certainly wouldn’t want someone throwing that up on your profile.

39 Kevin

yea I’ve seen firesheep and it’s power is crazy.

40 Mohammad Afaq

OMG, I am sooo changing everyone’s search results to Hindi or Chinese tomorrow :D

41 Goldfish

Is Klingon still an option? Or Elmer Fudd?

42 teddy

WOW!! No Way. Totally cool ShoeMoney. Thanks again for sharing your skills to pay the bills.

TEddy

43 Bryan

Wow – Never even really put any thought into this issue before. Although I don’t access a lot of public wifi hotspots often, this is helpful in the future (considering more and more locations are getting wifi – it’s nearly everywhere these days).

On another note, I bet you had a heyday passing time this way, eh? :)

44 Will

Hacking is illegal. I would remove this post right away as you have admitted on a public blog to hacking other peoples accounts. You are making the problem worse by telling others how to replicate the hack.

An irresponsible post.

45 Aurelius Tjin

Thank you so much for this very helpful information you got here.

46 Ty Wagner

This is a great post Shoe and something that would save people like myself that forgets about this security issue sometimes. Especially as an internet marketer you always wan’t your privacy and internet connection secure and free from prying eyes and hackers.

47 Jerry F

Ok, so I can thank you for hacking my account? no, just kidding.

48 Kevin

I’ve done this before! But this was good reminder. Had to double check.

49 Robert

You said
“Just maybe set people’s search results to Vietnamese or something”

Wondering why you felt the need to do anything at all? That little prank might be a big deal for a newbie that may lose hours of productive time trying to figure out what the hell happened.

Just because you can, doesn’t mean you should.

50 Jacmo

Great reminder and article. We develop a false sense of safety and security. I’d never heard of that plug in either. Will make me think twice over public networks. Thanks.

51 Ari Lestariono

Does this means security browser has the impact, and Fb server not protected as well?

52 Ross

I didnt have a clue it was that easy! Definitely time to change my settings.

Thanks :)

53 Rocks

GREAT post I keep way too much info in gmail for it to be that easy to crack

54 Sujanath

Is this really possible.
Using wifi seems to be risky then.

55 Jessica S

Not for nothing but yes it is stupid to log into public networks with key information. That said you opening those people’s profiles and emails that are not yours is most certainly hacking. You could have written this same article without breaching people’s privacy. I have to say I have been following you a long time and found this pretty surprising.

56 selvi

thanks a bunch! that surely changes things.

57 Saber

Thank you for these tips, but it’s not enought to protect our accounts..

58 Surrey Web Design

Wow, you can never be too careful!

59 Jeremy

Pretty nifty tool.

I was looking for where to browse with https in Google and couldn’t find it …

60 voiture eau

Hey, i would like to tell you thanks for giving us that very informative blog post. it is absolutely a to some extent interesting page.

61 Al Eddy

Just found your website last night and I got to say LOVE It. keep up the great work right now iam going to go get firesheep.

62 Brian T. Edmondson

Jeremy,

I’m surprised at how few people know about this.

Once I learned about it, I added the ability to make my cell phone a wifi 4G hot spot and never use public wifi’s at airports (and even hotels) to connect to the internet.

I can only imagine what you can find at Internet conferences!

Brian

63 col

make sure is is encryped and locked otherwise its no diffrent from public

64 Rob Woods

If you want to help protect yourself against Firesheep go and download Blacksheep from Zscaler. It will detect if someone is tryng to hack you using Firesheep. Also follow the advice above. In addition to Facebook and Google I’d recommend setting your Twitter profile to use https as well.

65 blackhathacker

This is like so fuckin’ noob…If I use something like BACKTRACk, there’s no way you’re gonna protect yourself and agian backtrack is just the beginning! Hacking tools we linux pros develop are 1000 times better than that stupid firefox plugin!

66 Arbeit

Yeah shure – theare many ways around this, not only the plugin, also there is a vpn you can buy, so your whole traffic is encrypthed, if you are in affiliate marketing, it can safe you lots of money to buy one of these

67 Imran

Does it work when the victim is in a different other than my network? If yes, then it’s ok. But if it doesn’t work then what should I do to hack that victim’s password?

68 Sahil Kotak

A very helpful article, thanks!

69 Rodney

lmao i just downloaded it! Thats funny

70 jhoira

please hacked this account.,jowjow_obligar@yahoo.com..for my safety.tnx

71 jimmy

omg that’s my facebook

72 GAGAN ODEDARA

AMGD.JMBG

73 Eric

So there are other ways tohack facebook lol I hope u all know that

74 lyndon

Outstanding – I ought to certainly pronounce, impressed with your site. I had no difficulty navigating by indicates all the tabs also as linked info ended up being genuinely simple to accomplish to accessibility. I lately discovered what I hoped for ahead of you understand it whatsoever.

75 Eric

It is so easy indeed to hack into some accounts….
Is it bad if I want to download the firefox plugin to snoop around ;-)

76 Jay Martin

I am guilty of being careless with my connections and this was a big wake up call.

77 Ann's Life Quotes

Major food for thought here……. Thanks you very much Jeremy for bringing this to our attention. I spend a lot of time in public places on wifi and I cringe at the thought that someone has been “watching” me? Just changed both my Facebook and Gmail settings as instructed. Feel a bit better now. Would there be any other things people could get access to this way? Such as internet banking?

78 Don Lawrence

Why would anyone care about their Facebook account being hacked? What have you got hidden there? What your lame friends are saying about their noneventful lives? Hack away…

Shoemoney 79 christine

Hi Folks — hoping someone here can help me. My son’s crazy ex-girlfriend has hacked into BOTH his FB and his email. His email address is attached to his FB account, and she has changed everything so HE cannot access HIS FB account, nor can we figure out how to fix the problem because she changed the email addy attached to his FB, so doing a password reset isn’t feasible — it would just send the information to the email she has set up for his account. I tried to report as hacking in FB, but have the same issues – it will just send an email to HER. Shame on him for giving her his passwords in the first place……you’re an idiot when you’re that young and “in love”. Hahaha. Sure appreciate help from anyone out there……..cheers.

80 Audiobook Online

I try to keep away from public networks whenever possible but didn’t realise it was that easy for my details to be given to all and sundry.

Thanks for the info – it’s actually pathetic that we have to live our lives worrying about this sort of crap.

81 chinois

taaaaaaaaaaaaaaaaaaaaaaaaaaaa

82 chinois

taaaaaaaaaaaaaaaaaaaaaaaaaaaa

83 manu

My fb account got hacked, what can I do to get it back?

84 Jeff Dunham Controlled Chaos

Oh man… I had no idea that this was even available. I have always wondered how people were able to hack accounts. This can be pretty scary.

85 Mister

hacking-facebook.com premium

86 philip

wow thank you for posting this i have learned lot of things ….

if you need money join here
http://www.clixsense.com/?3829618

87 Irfan Baig

Hey any one hack a facebook page for me? page got 6000 fans

if you can get it banned / deleted in any way ( through bulk report abuse etc ) i can give you 50 $

& if you transfer the admin i will pay you 100 $. ( also tell me how many days i will remain the admin )

If you cant do this work freely tell me you cant do as i will pay you when you got the work done.

Also tell me how i will pay you?

Thank You

88 Best Top 10 English Songs 2012

Yeah You are the champ man :D

89 Dani

You could also use a VPN to encrypt your sessions. I always use http://www.sunvpn.com/ from public networks.

90 Saiket

Hello my friend facebook account is hacked so now how may i can hack it n return to him?

91 Rehut Team

Very Nice Article, thank you!!

92 carlo abecia

hacked this facebook

93 Facebook password hack

Hi, i think that i noticed you visited my site thus i got here to go back the favor?.I am trying to find things to enhance my website!I guess its adequate to make use of some of your ideas!!

Shoemoney 94 sasha

GET A LIFE

95 Mike Benton

Thanks for this info-you probably saved hundreds of people from having their 411 hacked, me included. I’m going to change my own Google settings now, too, as I often use WiFi at my daughter’s gymnastics practice. Thanks again!

96 omar

how r u

Shoemoney 97 Anonymous

what is hack

98 cnotte

Can u only download firesheep with pc or can it b done without pc iv been trying to get this addon for a minute plus winpcap but get anything done with my maxx tks

99 rayees

plz solve i have hake my friend facebook account

100 wishing

Is there any way to know who is hacking my facebook account ?

101 wireless password hacker

My brother recommended I might like this website. He was entirely right.
This post truly made my day. You cann’t imagine simply how much time I had spent for this information! Thanks!

102 לקנות לייקים

I’d like to thank you for the efforts you have put in writing this site. I’m hoping to view
the same high-grade blog posts by you later on as well. In truth, your
creative writing abilities has encouraged me to get my very
own blog now ;)

103 im target

I was suggested this blog by my cousin. I’m not sure whether this post is written by him as nobody else know such detailed about my trouble. You’re amazing!
Thanks!

104 cansuu

What a great article. Thanks a lot ! :)

105 Irvin

I’ve learn some excellent stuff here. Certainly worth bookmarking for revisiting. I wonder how much effort you place to create one of these wonderful informative web site.

106 hotels in gensan

Hi there to every body, it’s my first pay a quick visit of this webpage; this webpage includes amazing and really excellent data in favor of visitors.

107 well designed

This is my first time visit at here and i am really impressed to read all at single place.

108 Dave

Link exchange is nothing else however it is simply placing the other person’s blog link on your page at suitable place and other person will also do same in favor of you.

109 fem dophilus for yeast infection

Great article! This is the type of information
that should be shared around the net. Shame on Google for not positioning this post upper!
Come on over and talk over with my website . Thanks =)

110 Dominick

Thanks for finally talking about >How I hacked your Facebook
account – ShoeMoney Internet Marketing Blog <Liked it!

111 metronome online tap

Hey! Do you know if they make any plugins to assist with Search
Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results.

If you know of any please share. Kudos!

112 SCAMMING THIEVES

Hi, I do think this is a great website. I stumbledupon it ;) I’m going to revisit once again since i have saved as a favorite it. Money and freedom is the greatest way to change, may you be rich and continue to help others.

113 breast actives before and after pictures

Your style is very unique in comparison to other people I’ve read stuff from. I appreciate you for posting when you have the opportunity, Guess I’ll just bookmark this page.

114 ホテル

Hello there, You’ve done an incredible job. I’ll definitely digg it and personally suggest
to my friends. I am sure they’ll be benefited from this website.

115 Jocuri

my facebook account was hacked… you are responsible for this..

116 Tony

I can hack my girlfriend facebook account because she told me the password :D

117 Elma

Does your website have a contact page? I’m having trouble locating it but, I’d like
to shoot you an e-mail. I’ve got some suggestions for your blog you might be interested in hearing. Either way, great blog and I look forward to seeing it improve over time.

118 Rome Casino No Deposit Bonus - Ninanet.Net

If you intend to develop on your own an image of an negative participant
it is possible to. Remember on-line you can not begin to see the some others therefore there are simply no conveys to.

119 [GET] .02 FB Clicks Facebook Loophole 2 cent clicks DOWNLOAD

Paragraph writing is also a fun, if you know afterward you can write
if not it is difficult to write.

Previous post:

Next post: