Facebook users, be careful!

I'd be gutted to lose a lot of stuff on Facebook too; all the tagged photos of so many memories, and the like :)
 
Yup, it can represent a serious investment in effort when all the time you've had the page (years in my case) is factored in.
 
If a facebook application that was big and popular had an exploit in it, it would be well known by now. You've been phished. Don't blame it on facebook.

This TBH.

Most likely outcome: they used a nice bit of social engineering, and you gave your password (or other important data) away, so he could guess the rest.

Very few "hacks" are actually done via hacking, most are due to social engineering.

Oh, and if he knew your password, why the heck didn't he change it as soon as you added him? Either he was an idiot (unlikely) or he didn't know certain details needed to do it.
 
I don't think he anticipated me changing the password the moment I read his first message.

I did NOT give him my password through any social engineering or anything of the sort; I'm not a novice to be giving away passwords... I did, however, play along in an attempt to find out just how he knew my password. I knew he knew my password when I asked about it and he typed it into the message window.

The fact is there is/was a flaw somewhere with facebook and he was able to get the password somehow and I did not give it to him or anyone else.
 
The fact is there is/was a flaw somewhere with facebook and he was able to get the password somehow and I did not give it to him or anyone else.

I don't buy that. If there was, he should have gotten hundreds/thousands of them, then blackmailed Facebook, as such a hit would be a massive loss to them.

Like that guy did with steam and the café accounts. (what the hell actually happened with that?)
 
Well, that's the only explanation I can think of, considering none of my machines were infected with anything, none of my other accounts were affected, and only the Facebook account was.

Also we don't know if this person has done the same to anyone else or not.
 
Heh, I did but then realised I don't have a Hotmail account :p

I assume you meant by MSN messenger details, I log into MSN messenger with my domain email address, not hotmail.
 
If he did then I'd have noticed such activity :p

He got my MSN address from Facebook as I did put it as one of the "extra info" bits about me in my profile.

Now the strange thing is that my profile was set to be visible only to friends, so going back to the applications exploit/backdoor once again, it would make sense if he had found such an exploit in one of my FB friends' applications maybe and got a bunch of people's details.

Remember he posted the wrong IP address first; maybe that London-based IP was another victim's. Maybe that person wasn't as quick to change their password as I was, but I have no idea who that person is.
 
But still the question remains: why didn't he change the password before he spoke to you? If he had cracked it through an app and had lots of details, he would probably have realised by the time he got to you that the first thing anyone would do in this situation is change their password.

Did he tell you your password before you logged into fb or after?
 
Did he tell you your password before you logged into fb or after?

Hmm, interesting point. Could he be using some kind of DNS/cookie monitoring, maybe...

This is what he said at the start:

Code:
Date        Time      From                                               To                                                 Message
11/01/2009  00:45:52  [email protected] (E-mail address not verified)  robbie khan                                        Hi there
11/01/2009  00:46:00  [email protected] (E-mail address not verified)  robbie khan                                        Nice car
11/01/2009  00:46:14  robbie khan                                        [email protected] (E-mail address not verified)  Hi
11/01/2009  00:46:15  robbie khan                                        [email protected] (E-mail address not verified)  cheers!
11/01/2009  00:46:38  [email protected] (E-mail address not verified)  robbie khan                                        listen, your facebook has been hacked
11/01/2009  00:46:44  [email protected] (E-mail address not verified)  robbie khan                                        by me
11/01/2009  00:47:02  [email protected] (E-mail address not verified)  robbie khan                                        do you want it back ?
11/01/2009  00:47:35  robbie khan                                        [email protected] (E-mail address not verified)  how has it been hacked ? (at this point I went into FB (bookmark link, already logged in so no need to log in again) and changed password)
11/01/2009  00:50:53  [email protected]                                robbie khan                                        lucky escape
11/01/2009  00:51:14  [email protected]                                robbie khan                                        (he pastes my password here, the old one, not the one I just changed it to)
11/01/2009  00:51:18  [email protected]                                robbie khan                                        be carefull
Edit: stupid copy-paste from XML logs is crap; it doesn't keep formatting, so I had to edit the above in Notepad.

The rest is just me trying to ask various questions to get specifics on how he gained access to my FB pass, which failed.

I asked how he got the password and he said "backdoors, lots of them", to which I responded "in facebook?" and he said "Yes" "Apps". He then asked if I played Poker and no, I don't, BUT in the past many of my added friends in FB would send invitations asking if I wanted to add the Poker application (I think it mass-sends to added friends if you add an application?), which I did not.

Perhaps a 'backdoor' exists somewhere there?

Anyway, he then told me to have a nice day at that point (!) and to stay away from Americans (seriously) and to regularly clear my cache, which led me to believe he was running some kind of backdoor monitoring in Facebook looking for session cookies that are sent to FB when users log in?

If that makes sense!
 
Just to contribute: you can't get a user's Facebook password through an Application. I'm a Facebook Application developer and I know it's not possible at all.
 
Cool, could they use a flaw in a rogue application to monitor session cookies (which do contain password data)?
 
I've never tried setting/reading cookies on a Facebook user, as everything I need to do is done through the Facebook API, but it may be possible for application developers to read your cookies (in which case the application developer's account has been compromised and the 'hacker' will have modified the application in such a way for this purpose).

Saying that, I can't see any cookies which may contain any useful data from Facebook on my PC. I'd actually be quite surprised if Facebook did store password data as a cookie on your PC.
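The developer's point that a session cookie need not carry any password data can be shown in code. The following is an added example written for this thread, not code from Facebook or from anyone posting here; the in-memory stores, the user id "demo-user" and the passwords are constructed stand-ins. It issues an opaque random session token and stores only its hash, marks the cookie HttpOnly and Secure so page scripts (embedded application code included) cannot read it, and invalidates every outstanding session when the password changes, which is the effect the original poster got by changing the password straight away.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie

# Constructed in-memory stores standing in for a site's database (assumption).
SESSIONS = {}   # sha256(session token) -> user id
USERS = {}      # user id -> (salt, password hash)


def _hash_password(password, salt):
    # Slow, salted hash: a leaked USERS table does not hand out passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def register(user_id, password):
    salt = secrets.token_bytes(16)
    USERS[user_id] = (salt, _hash_password(password, salt))


def verify_password(user_id, password):
    if user_id not in USERS:
        return False
    salt, stored = USERS[user_id]
    return secrets.compare_digest(stored, _hash_password(password, salt))


def create_session(user_id):
    """Issue an opaque random token. It is derived from nothing the user
    knows, so copying it out of a cookie jar yields no password."""
    token = secrets.token_urlsafe(32)
    SESSIONS[hashlib.sha256(token.encode()).hexdigest()] = user_id
    return token


def lookup_session(token):
    """Map a presented cookie value back to a user id, or None."""
    return SESSIONS.get(hashlib.sha256(token.encode()).hexdigest())


def set_cookie_header(token):
    """Build the Set-Cookie value. HttpOnly keeps the token away from any
    script running in the page, Secure keeps it off plain HTTP, and
    SameSite=Lax limits cross-site sends."""
    jar = SimpleCookie()
    jar["sid"] = token
    jar["sid"]["httponly"] = True
    jar["sid"]["secure"] = True
    jar["sid"]["samesite"] = "Lax"
    jar["sid"]["path"] = "/"
    return jar.output(header="").strip()


def change_password(user_id, new_password):
    """Set a new password and revoke every live session for the account, so
    a token copied earlier stops working. Returns the number revoked."""
    register(user_id, new_password)
    stale = [h for h, uid in SESSIONS.items() if uid == user_id]
    for h in stale:
        del SESSIONS[h]
    return len(stale)


if __name__ == "__main__":
    register("demo-user", "demo-old-password")   # constructed credentials
    sid = create_session("demo-user")
    print("Set-Cookie:", set_cookie_header(sid))
    print("session resolves to:", lookup_session(sid))
    print("sessions revoked:", change_password("demo-user", "demo-new-password"))
    print("old cookie still valid?", lookup_session(sid) is not None)
```

Run it as a script to see the cookie line and the revocation: the token on the wire is random bytes unrelated to the password, and once the password is changed the old token no longer resolves to an account.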
 
I'm glad you managed to change your password in time. I hate these people who occasionally pop up on MSN that you don't even know (I've had random people add me a few times).

You've got me checking just what apps I actually have on my FB page now, as I don't remember using some for a long time, and I did have a LOT back when I first joined!
 
If you search an email on Facebook, it will show you the account the email address is registered to, like a friend finder. If you search [email protected], it brings up an account named 'Paul Rogers'?
 