I could argue that 100% of the programs you have seen that claim to allow you to hack Facebook are false and are viruses such as Trojans.
Moving on, it is possible that you have been key-logged. It doesn't matter if you have a password that is 100 million characters in length. A key-logger does not need to know your password to log everything that you do. Everything you do, the key-logger captures. If your Facebook password is 30 characters long, every time you press a key on your keyboard, it is being logged. When you install some software, it could in fact contain a key-logger script without you knowing it.
It's not the fact that Facebook is insecure; it is the other malicious attacks that Facebook cannot prevent that make it less secure. For instance, MasterCard is a very secure credit card, so to speak. Now let's hypothetically say that someone has a very insecure website that allows SQLi, and that same site also sells some product or service. When someone puts in their credit card information, it would be possible to hack the site via SQLi and dump the database, recovering all of the credit card/information used. Now who is to blame, the credit card company or the site? Apply that style of thinking towards Facebook, and the types of attacks that can be done from other software.
Also, keep in mind that session hijacking and phishing are other possibilities.
Oh, and as a side note:
You said the person was an ex, and exes usually know you pretty well. It is possible, and I have seen it firsthand, that your ex could have gone to your e-mail and asked for a password reset. Usually the reset will ask you some questions such as "What is your favorite food?" or something silly. It is possible that your ex could have done this and knew the answers to your chosen questions. I suggest that after breaking up you change all the information that she knows, change your passwords, and change your security questions to things that you know she would never know.
Last edited by -Ninjex- on Sat Mar 16, 2013 10:08 am, edited 1 time in total.
I don't care how ‘secure’ your systems are. If you have stupid people running them and using them, you can't win.
For those that know