Imagine someone got on the loudspeaker at the Denver International Airport and started yelling out over and over again, “my Facebook username is Johnny@gmail.com and my password is jerky123”.

Now the next day when everyone in their mom logged into his account, he would claimed he got hacked. But did he?

Guess what. Every time you are using a public wifi network, password protected or not, you are shouting to the world your username and password to every website you use that is unencrypted.

Right now, as I write this, I am sitting in the denver airport. Its pretty much dead right now. I can see maybe 100 people in the entire terminal.

I just fired up FireFox with the FireSheep extension. Within seconds I have access to various peoples Gmail, Facebook, Yahoo, Hotmail. Amazon, Hotmail, and virtually every possible service known to man.

Keep in mind FireSheep is just a Firefox plugin (Google it) that has been downloaded millions of times. This plugin is totally passive network monitoring at its easiest. Its been pre-programmed to sniff for certain usernames of passwords for pre-defined sites.

There are TONS of tools that will show you a lot more stuff.

As you can see here I accessed someones Facebook account… read some messages. Its great for passing spare time:

Google accounts are just as easy to get into using the brainless Firesheep extension. I don’t ever do anything malicious… Just maybe set people’s search results to Vietnamese or something:

If you are using a public network of any kind, wifi or not, expect many people see everything you are doing.

You didn’t just get hacked. You are yelling to anyone that can hear you your username and passwords.

So how do you become more secure? Well for starters you should always tunnel your traffic through a ssh connection, vpn, or another secure method.

But I know 99.9% of my readers probably don’t know what a VPN is much less will be able to configure one.

So lets start with the basics.

To make your Gmail account secure change this setting:

To make all your Google Searches secure use this – https://www.google.com (I set it as my homepage).

To make your Facebook surfing secure change this setting in your account preferences:

:

Any place you are not using https:// in the front of the url you are at you should expect everyone is watching what you are doing.

Keep in mind this was at a airport where nobody was using computers….

Imagine what I see at a internet conference…..

By Jeremy Schoemaker

Jeremy "ShoeMoney" Schoemaker is the founder & CEO of ShoeMoney Media Group, and to date has sold 6 companies and done over 10 million in affiliate revenue. In 2013 Jeremy released his #1 International Best selling Autobiography titled "Nothing's Changed But My Change" - The ShoeMoney Story. You can read more about Jeremy on his wikipedia page here.

122 thoughts on “How I hacked your Facebook account”
  1. Hi
    What a great article. I will go change my settings
    right now.
    It just gets worse and worse with identity stealing, just as it did with
    viruses and spyware… we’ll probably end up loading a ton of protection software
    before we can proceed with our daily tasks…

    Keep up this great blog – I love it πŸ™‚

    cheers
    Tina

    1. Hi my Facebook account just got hacked and the email address have been changed also. Can anyone help to advise on how to have my acct deactivated to ensure these evil bastards do not wreck havoc using my account? This is damn frustrating. I really need help

      1. Confermation my email account and password ,send me sms in my inbox.help me activate my email account .

    2. This is scary stuff. I’m going to change my settings as well. (Imaging everyone knowing what I did!) Thanks for this!

  2. That’s interesting that you say that because I feel there has been a TON of people sending emails/facebook posts about being hacked. I feel like one girl sends the message out every single month.

  3. Evil evil stuff. This is why I don’t like public networks. If you had larceny in your heart, you’d be dangerous!

    BTW you just publicly violated Facebook’s TOS 3.5: “You will not solicit login information or access an account belonging to someone else.”

    I won’ t tell….

  4. Wow is it really that easy to do this. I am curious and I am going to give it a try.

  5. Hacking is defined as unauthorized usage. You don’t have authorization to access these people’s accounts. Easy or not you have just admitted to the entire world that you have broken the law and have hacked these people’s accounts.

    Yes the passwords and session data are being broadcast in plaintext, but admitting to using them seems a bit crazy. It is 100% illegal.

    1. In computing, a hacker is a person in one of several distinct (but not completely disjoint) communities and subcultures: * A community of enthusiast computer programmers and systems designers, originated in the 1960s around the Massachusetts Institute of Technology (MIT)’s Tech Model Railroad …
      en.wikipedia.org/wiki/Hacking_(computing)

  6. Only thing I am curious about is why people are interested in other people facebook profiles etc.

    1. If you learn enough about someone, you can learn their security question answer (hometown, street they grew up on, first pet, etc)

      1. Which is precisely why you should always give nonsense answers to those security questions. My hometown? The moon. Street I grew up on? Sunflower seeds. First pet? Tyrannosaurus rex named Tevevision. Mother’s maiden name? Awesomesauce. It’s easy to find facts. It’s not so easy to guess nonsense. πŸ˜‰

  7. Already using these settings and Google 2 step verification enabled but only thinking to safe my facebook account. Using https but when you have to access any aaplication you have to change back to http. this is something where i have to take care of it

  8. while reading this article my url on the top begins with http:// and not https:// how to avoid this ? πŸ˜€

    wounder if it should be https:// on all the pages i visit while browsing different website daily.

    1. you are not exposing any personal information such as password or anything important here. so i don’t think every website needs ssl or https to be secured. πŸ™‚

  9. Wow thanks for the heads up on that! I consider myself to be very internet savvy and I had no clue this was so easy.

  10. Thanks for the HOT TIPS on hacking peoples accounts! πŸ™‚ VPN (Virtual Private Network) for those of you who don’t know how to Google. Thanks, Shoe! πŸ™‚

  11. This is hilarious, I constantly amazed how lackadaisical people are with there private information. Hopefully this wakes a few people up !

  12. Thanks so much for sharing this information. I definitely went in and changed all my account settings as soon as I read this. I’ve never felt safe on public wifi networks, but I had no idea it was this easy. I’m a little curious to try this, but it’s also kinda scary that you don’t know who could be watching your every Internet move!

  13. Note that certain applications take you away from https! They do tell you when you click them. What they do NOT tell you: The change your standard setting! So next time you enter facebook, you are back on http! So chech the url regularly, if you want to stay safe!

  14. A definite wake-up call. Thank you, I’ll be adjusting the way I use services.

  15. Facebook’s coming integration to payment solutions makes this issue much more serious for their accounts. Smart sniffers are building up lists of user/pass info now and waiting patiently for when they can do something useful with it.

  16. It is scary what people can find out about you on public wifi, considering it is so easy to protect all that information. I use soke software called Remobo on my laptop that creates a instant private network. Then using a simple proxy server on my home computer I route all the traffic through Remobo to my home proxy. Every thing is then encrypted. Works for me anyways. Better to be safe than have someone get my info.

  17. public wi fi is only good for catching up on the news. thanks for the tip though.

  18. Shoe,

    Can you explain how you/Firesheep is able to pickup usernames/pws from gmail, amazon, yahoo, and hotmail? When I visit those sites and attempt to login it appears that I’m on an https connection…

    Gmail.com: redirects to https sign-in page automatically
    Hotmail.com: redirects to https sign-in page automatically
    mail.yahoo.com: redirects to https sign-in page automatically
    Amazon.com: is http by default, but redirects to https sign-in page if you click “Sign-in”

    I was under the “assumption” that sending a user/pass via an https sign-in page was secure. So, I’m curious how you’re picking these up. Perhaps you’re getting people that are cookied, have pws saved in browser, and are just getting auto-logged-in when they visit these sites?

    Would be cool if you could shed some light on this b/c I don’t want to be seeing Vietnamese search results or have a goatse Facebook avatar after the next Pubcon. :p

    1. He didn’t get any passwords…he is just a show off…firesheep doesn’t GET the passwords, it hijacks the session cookie between you(the browser) and the site(for example facebook). The cookie DOESN’T CONTAIN THE PASSWORD… so please Shoe, explain to me how did you get the password using firesheep

      1. Can the session cookie still be hijacked if your user/pass was entered on an https page (does https matter here)?

    2. lol.. I haven’t heard the term goatse mentioned for years. You certainly wouldn’t want someone throwing that up on your profile.

  19. OMG, I am sooo changing everyone’s search results to Hindi or Chinese tomorrow πŸ˜€

  20. WOW!! No Way. Totally cool ShoeMoney. Thanks again for sharing your skills to pay the bills.

    TEddy

  21. Wow – Never even really put any thought into this issue before. Although I don’t access a lot of public wifi hotspots often, this is helpful in the future (considering more and more locations are getting wifi – it’s nearly everywhere these days).

    On another note, I bet you had a heyday passing time this way, eh? πŸ™‚

  22. Hacking is illegal. I would remove this post right away as you have admitted on a public blog to hacking other peoples accounts. You are making the problem worse by telling others how to replicate the hack.

    An irresponsible post.

  23. This is a great post Shoe and something that would save people like myself that forgets about this security issue sometimes. Especially as an internet marketer you always wan’t your privacy and internet connection secure and free from prying eyes and hackers.

  24. You said
    “Just maybe set peopleÒ€ℒs search results to Vietnamese or something”

    Wondering why you felt the need to do anything at all? That little prank might be a big deal for a newbie that may lose hours of productive time trying to figure out what the hell happened.

    Just because you can, doesn’t mean you should.

  25. Great reminder and article. We develop a false sense of safety and security. I’d never heard of that plug in either. Will make me think twice over public networks. Thanks.

  26. Does this means security browser has the impact, and Fb server not protected as well?

  27. I didnt have a clue it was that easy! Definitely time to change my settings.

    Thanks πŸ™‚

  28. Not for nothing but yes it is stupid to log into public networks with key information. That said you opening those people’s profiles and emails that are not yours is most certainly hacking. You could have written this same article without breaching people’s privacy. I have to say I have been following you a long time and found this pretty surprising.

  29. Pretty nifty tool.

    I was looking for where to browse with https in Google and couldn’t find it …

  30. Hey, i would like to tell you thanks for giving us that very informative blog post. it is absolutely a to some extent interesting page.

  31. Just found your website last night and I got to say LOVE It. keep up the great work right now iam going to go get firesheep.

  32. Jeremy,

    I’m surprised at how few people know about this.

    Once I learned about it, I added the ability to make my cell phone a wifi 4G hot spot and never use public wifi’s at airports (and even hotels) to connect to the internet.

    I can only imagine what you can find at Internet conferences!

    Brian

  33. If you want to help protect yourself against Firesheep go and download Blacksheep from Zscaler. It will detect if someone is tryng to hack you using Firesheep. Also follow the advice above. In addition to Facebook and Google I’d recommend setting your Twitter profile to use https as well.

  34. This is like so fuckin’ noob…If I use something like BACKTRACk, there’s no way you’re gonna protect yourself and agian backtrack is just the beginning! Hacking tools we linux pros develop are 1000 times better than that stupid firefox plugin!

  35. Yeah shure – theare many ways around this, not only the plugin, also there is a vpn you can buy, so your whole traffic is encrypthed, if you are in affiliate marketing, it can safe you lots of money to buy one of these

  36. Does it work when the victim is in a different other than my network? If yes, then it’s ok. But if it doesn’t work then what should I do to hack that victim’s password?

  37. Outstanding – I ought to certainly pronounce, impressed with your site. I had no difficulty navigating by indicates all the tabs also as linked info ended up being genuinely simple to accomplish to accessibility. I lately discovered what I hoped for ahead of you understand it whatsoever.

  38. It is so easy indeed to hack into some accounts….
    Is it bad if I want to download the firefox plugin to snoop around πŸ˜‰

  39. Major food for thought here……. Thanks you very much Jeremy for bringing this to our attention. I spend a lot of time in public places on wifi and I cringe at the thought that someone has been “watching” me? Just changed both my Facebook and Gmail settings as instructed. Feel a bit better now. Would there be any other things people could get access to this way? Such as internet banking?

  40. Why would anyone care about their Facebook account being hacked? What have you got hidden there? What your lame friends are saying about their noneventful lives? Hack away…

    1. Hi Folks — hoping someone here can help me. My son’s crazy ex-girlfriend has hacked into BOTH his FB and his email. His email address is attached to his FB account, and she has changed everything so HE cannot access HIS FB account, nor can we figure out how to fix the problem because she changed the email addy attached to his FB, so doing a password reset isn’t feasible — it would just send the information to the email she has set up for his account. I tried to report as hacking in FB, but have the same issues – it will just send an email to HER. Shame on him for giving her his passwords in the first place……you’re an idiot when you’re that young and “in love”. Hahaha. Sure appreciate help from anyone out there……..cheers.

  41. I try to keep away from public networks whenever possible but didn’t realise it was that easy for my details to be given to all and sundry.

    Thanks for the info – it’s actually pathetic that we have to live our lives worrying about this sort of crap.

  42. Oh man… I had no idea that this was even available. I have always wondered how people were able to hack accounts. This can be pretty scary.

  43. Hey any one hack a facebook page for me? page got 6000 fans

    if you can get it banned / deleted in any way ( through bulk report abuse etc ) i can give you 50 $

    & if you transfer the admin i will pay you 100 $. ( also tell me how many days i will remain the admin )

    If you cant do this work freely tell me you cant do as i will pay you when you got the work done.

    Also tell me how i will pay you?

    Thank You

  44. Hello my friend facebook account is hacked so now how may i can hack it n return to him?

  45. Hi, i think that i noticed you visited my site thus i got here to go back the favor?.I am trying to find things to enhance my website!I guess its adequate to make use of some of your ideas!!

  46. Thanks for this info-you probably saved hundreds of people from having their 411 hacked, me included. I’m going to change my own Google settings now, too, as I often use WiFi at my daughter’s gymnastics practice. Thanks again!

  47. Can u only download firesheep with pc or can it b done without pc iv been trying to get this addon for a minute plus winpcap but get anything done with my maxx tks

  48. My brother recommended I might like this website. He was entirely right.
    This post truly made my day. You cann’t imagine simply how much time I had spent for this information! Thanks!

  49. I’d like to thank you for the efforts you have put in writing this site. I’m hoping to view
    the same high-grade blog posts by you later on as well. In truth, your
    creative writing abilities has encouraged me to get my very
    own blog now πŸ˜‰

  50. I was suggested this blog by my cousin. I’m not sure whether this post is written by him as nobody else know such detailed about my trouble. You’re amazing!
    Thanks!

  51. I’ve learn some excellent stuff here. Certainly worth bookmarking for revisiting. I wonder how much effort you place to create one of these wonderful informative web site.

  52. Hi there to every body, it’s my first pay a quick visit of this webpage; this webpage includes amazing and really excellent data in favor of visitors.

  53. This is my first time visit at here and i am really impressed to read all at single place.

  54. Link exchange is nothing else however it is simply placing the other person’s blog link on your page at suitable place and other person will also do same in favor of you.

  55. Great article! This is the type of information
    that should be shared around the net. Shame on Google for not positioning this post upper!
    Come on over and talk over with my website . Thanks =)

  56. Thanks for finally talking about >How I hacked your Facebook
    account – ShoeMoney Internet Marketing Blog <Liked it!

  57. Hey! Do you know if they make any plugins to assist with Search
    Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results.

    If you know of any please share. Kudos!

  58. Hi, I do think this is a great website. I stumbledupon it πŸ˜‰ I’m going to revisit once again since i have saved as a favorite it. Money and freedom is the greatest way to change, may you be rich and continue to help others.

  59. Your style is very unique in comparison to other people I’ve read stuff from. I appreciate you for posting when you have the opportunity, Guess I’ll just bookmark this page.

  60. Hello there, You’ve done an incredible job. I’ll definitely digg it and personally suggest
    to my friends. I am sure they’ll be benefited from this website.

  61. I can hack my girlfriend facebook account because she told me the password πŸ˜€

  62. Does your website have a contact page? I’m having trouble locating it but, I’d like
    to shoot you an e-mail. I’ve got some suggestions for your blog you might be interested in hearing. Either way, great blog and I look forward to seeing it improve over time.

  63. If you intend to develop on your own an image of an negative participant
    it is possible to. Remember on-line you can not begin to see the some others therefore there are simply no conveys to.

  64. Paragraph writing is also a fun, if you know afterward you can write
    if not it is difficult to write.

  65. I have tried him and i have confirmed his good work among all of this hackers out there,His

    work is legit and affordable, if you have got any issues with hacking, probably a cheating

    partner or you wanna change your school grades, clear ur criminal record or spy on someone,

    also facebook hacks and so on. hit the great guy up on (computerhackguru@gmail.com) and

    consider your big problem solved.(computerhackguru@gmail.com) is the best.

  66. Hello everyone! I had seen so many recommendations on trustedhacker205@gmail.com, so I contacted him to help me Clone my wife cell phone and WhatsApp. Just like Magic, I got the files to get it done and I have access to my wife phone. He was really efficient and I have access to everything including phone calls, logs,sms,surrounding and location. What I like about the job is that it cannot be traced back to me. I have this working for 3 months now. I am just another satisfied customers. Thanks to trustedhacker205@gmail.com

  67. Professional Hacker is Here Now !!!!! I Robin Weiss popularly known as trusted hacker, well basically i perform all sort of hacks and penetration into any and i mean literally any database. Hack Facebook ? Hack email? change school grades? Hack Visichat Room ? Hack Flash Chat Room ? Hack Ftp User & Pass ? Hack Database ? Hack Yahoo Mail ? Hack Gmail Id ? Hack Websites ? Hack Face Book Account ? hack Vb Forum ? Hack WordPress Blog? hack C C any country ? hack moneybooker ACCOUNT ? hack liberty Reverse Account ? hack paypal Account ? Root server ? bypass Google phone verification ? Install Red5 On linux server ? Hash Crack ? Hack Bank Account ? Ddos Service ? hack twitter? erase criminal records?(trustedhacker205@gmail.com) Text or Call 8622102583

Comments are closed.