Facebook Hacks? WTF?!?!

[Minimac]

So recently, I've had a bit of a crappy break up with my ex. Like, this break up has been going on since December now and it's starting to get a bit out of control. I logged into facebook the other day and noticed that some things had been changed. I didn't pay much attention to it at first, but when I logged into facebook again later that day my account had been blocked. Apparently, she had hacked into my facebook to look up info about some girl she accused me of running off with. Now this terrified me. I did some research and I've found SOOOOOO many websites and computer programs that can apparently hack Facebook using MD5 and UFD2 hash codes. WTF?!?! THIS IS SO SCARY!!! Is this stuff real? Can someone actually get a hash code and decrypt it to find my password? Someone please put my mind at ease here

[WallShadow]

in short, yes, someone can get your hash code, decrypt it, and login as you. but in reality, no, the chance of them getting your hash code is very small. to break into Facebook's servers would be a stunning feat. most likely, you fucked up somewhere sometime; either she found a little sticky post somewhere with your password, or you caught a virus or worm and it caught you logging in with your password and then sent the username and password to a special site, that site then sold the username and password to your ex for a hefty price.

[Minimac]

Jeeez, so even though it's unlikely, it can still be done? I stay away from all weird looking emails that take you to other sites and I never leave my password lying around. How the heck does something like this exist?! I thought facebook would keep password's safety as their highest priority.. This is very distressing

[3vilp4wn]

It's also possible that someone put a keylogger on your PC while you were entering your password.

[Minimac]

It's also possible that someone put a keylogger on your PC while you were entering your password.

No it definitely couldn't have been that. My laptop is locked and bolted with a 32 digit password, and I never let people on my laptop anyway. I just don't understand how people can find information like my email address, my facebook hash and my facebook ID... It's pretty terrifying how unsafe people are online

[3vilp4wn]

No it definitely couldn't have been that. My laptop is locked and bolted with a 32 digit password, and I never let people on my laptop anyway.

It's possible. You have 2 things to consider:

1.) It could have been a hardware keylogger.
2.) It's possible to install a software keylogger with a live linux USB/CD. If someone did that, your password wouldn't matter.

That said, it certainly could have happened online. Another likely scenario, is that a packet sniffer was used. Less likely because facebook uses HTTPS, but if someone got the password for another account, and it was the same as your facebook account, then you're screwed.

[-Ninjex-]

I could argue that 100% of the programs you seen that claim to allow you to hack Facebook are false and are viruses such as Trojans.

Moving on, it is possible that you have been key-logged. It doesn't matter if you have a password that is 100 million characters in length. A key-logger does not need to know your password to log everything that you do. Everything you do, the key-logger captures. If your Facebook password is 30 characters long, every time you press a key on your keyboard, it is being logged. When you install some software, it could in fact contain a key-logger script without you knowing it.

It's not the fact that Facebook is insecure, it is the other malicious attacks that Facebook can not prevent that make it less secure. For instance, Master Card, is a very secure credit card for say. Now let's hypothetically say that if someone has a very insecure website that allows SQLi, and that same site also sells some product or service, when someone puts in their credit card information, it would be possible to hack their site via SQLi, and dump the database, recovering all of the credit card/information used. Now who is it to blame, the credit card company, or the site? Apply that style of thinking towards Facebook, and the types of attacks that can be done from other software.

Also, keep in mind that session hijacking and phishing are other possibilities.

Oh, and as a side note:
You said the person was an ex, and ex's usually know you pretty well. It is possible, and I have seen it first handed, that your ex could have went to your e-mail, and asked for a password reset. Usually the reset will ask you some questions such as "What is your favorite food" or something silly, it is possible that your ex could have done this and knew the answers regarding your chosen questions. I suggest after breaking up to change all the information that she knows, change your passwords, and change your security settings questions to things you know that she would never know.

[WallShadow]

OP are you referring to a hardware or software password? a software password won't do anything to stop someone from using a live-cd, but a hardware password is a constant problem for us. kinda no way around it

[blackmamba92]

if you are a lot on free/open wifi networks you should google droidsheep. It is easy to install on android tablets/phones. the program captures coockies and you could simply capture someones login id. It is possible that when someone captured it and paste it in his browser he could easily access your account.

My appologies for my grammer but english isn't my native language.

hope it helped.