Those who use Facebook be careful!
Edit*
Ok obviously this probably wasn't worded as best possible hence some confusion etc so I'll rewrite below to make better sense and turn of events.
Someone with the email [email protected] added me to MSN at a bit on the Op’s night and said straight out that my Facebook account had been hacked by himself and if I wanted it back - At this point I immediately loaded up FB and changed my password after seeing nothing out of the ordinary –
Then a moment later I got a new message from this person saying that was lucky. They then pasted my Facebook password, the password that it was, not the one I just changed it to.
I asked how he knew this and he said by use of many backdoors in Facebook Apps.
I asked which apps, he didn’t give a direct answer but asked if I played poker which I don’t but in the recent past various Facebook friends have forwarded the Texas Hold’em poker application request which I always decline / ignore.
He then said for me to be careful and stay away from Americans (yeah I was a bit confused by that too) and that I should clear my temp internet files – Now I was thinking that it must have been a warning and this person was showing what is possible but later into the convo he said he can get any password of anyone's from MySpace, Facebook, MSN etc and that it only takes 20 mins but it would cost £100 into a Swiss acc in order to get someone’s password and that I should let him know if I wanted that service (!).
I played along and tried to get some more info with some innocent questions but his answers were vague like the one above about Americans.
It was then that I realised perhaps he tried to hold my FB account ransom but I had managed to lock down my account just before he could do anything.
He obviously had been browsing my FB profile as he knew my website address and asked questions about my photography and commented on the pictures etc so basically turning into a general MSN chat.
Shortly after he said to hang on a sec and wanted to show me something, he asked for my Windows account password and said he can get in as the Administrator account and disable me but would rather not to save me the headache – Now I knew he was BSing big time because at the time both the admin account in Windows and my local account shared the same password, he was most likely looking to see how gullible I was because he’d shown that he knew my Facebook password and that I may have been shocked by it and would oblige to his new request.
I did not and gave an excuse of “phone call 1 min”.
I wanted to double check so I checked net > users in command prompt to make sure the administrator account was not active which it was not, I activated it then checked the Admin account stats, the last logon was back in Feb 2008 which was me. I then checked active services and processes in Windows and nothing was out of the ordinary, there were also no abnormal network connections either.
His BS was confirmed now and I didn’t respond much further past this point and have not heard anything from him since.
It sounds like a scare tactic, get the Facebook password because that was probably quite easy to get via a hacked account or session exploit or something then use that information to surprise a victim and get them to oblige to new requests to give away passwords they cannot get because the victim will likely think they have access already so would do as they say?
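
The manual checks described in the post (Administrator account state and last logon, running services, network connections) can be gathered in one read-only pass. This is an added example, not part of the original post; it assumes Windows PowerShell 5.1 or later, and the "service binary outside the Windows directory" filter is an illustrative heuristic, not a definitive indicator.

```powershell
# Added example: read-only triage of the items the post checked by hand.
# Assumes Windows PowerShell 5.1+ (LocalAccounts and NetTCPIP modules).

# 1. Local accounts: enabled state and last logon. The built-in Administrator
#    is located by its well-known RID (-500), so a renamed account is still found.
$accounts = Get-LocalUser |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet, @{n='Sid'; e={$_.SID.Value}}
$builtinAdmin = $accounts | Where-Object { $_.Sid -like 'S-1-5-21-*-500' }
$accounts | Sort-Object LastLogon -Descending | Format-Table -AutoSize
if ($builtinAdmin.Enabled) {
    Write-Warning ("Built-in Administrator '{0}' is enabled; last logon: {1}" -f
        $builtinAdmin.Name, $builtinAdmin.LastLogon)
}

# 2. Members of the local Administrators group (well-known SID S-1-5-32-544).
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Format-Table Name, ObjectClass, PrincipalSource -AutoSize

# 3. Running services whose binary lives outside the Windows directory
#    (heuristic: these are the ones worth reading line by line).
$winDir = [regex]::Escape($env:SystemRoot)
Get-CimInstance Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName -notmatch "^`"?$winDir\\" } |
    Select-Object Name, StartName, PathName |
    Format-Table -Wrap

# 4. Established TCP connections to non-loopback peers, with the owning process.
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            ProcId  = $_.OwningProcess
            Process = $p.ProcessName
            Path    = $p.Path
        }
    } |
    Sort-Object Process |
    Format-Table -AutoSize
```

Run it from an elevated prompt so process paths for other users' processes are visible; it changes no account or service state.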