Monday, 8 July 2013

Vulnerabilities in Facebook (Security question)

Hello everyone, today I want to discuss some vulnerabilities in Facebook.
We all know that thousands of accounts are hacked every day. People do this for many reasons. Whatever the reason is, they needn't be a computer stud to do it. Let's see how people can simply get your account by following 5 steps, and also the precautions to take to protect it.

Common ways to hack an account are phishing, using a keylogger, hacking the primary email ID and resetting the password, social engineering, or just guessing.

Now let's start with social engineering. Many of us may think this is difficult, but trust me, this works.

Let's start.


Step 1:

Find out the username or primary email address of the account.

For this, go to the person's account and look at the address bar (URL bar).
For 80-85% of accounts you can learn the username this way.
But for some accounts you will end up with the following address bar, from which you can't get the username.

You can guess the username, or you have two other options: the primary email address and the recovery phone number. If you know the person, you can easily get either of these.

Step 2:

Now go to Facebook and click on "Forgot your password".
You will then be redirected to the identification check page.

Enter the username, the primary email ID or the phone number. Press search.

Step 3:

Now you will be redirected to the account recovery page.

Click on the option saying you no longer have access to this.

Step 4:

Now there are two methods:
 1. Security question
 2. Three friend method

Now if the person has set a security question, it will direct you to a page and ask you for your new email ID.

Click on any email ID (it need not be yours, as this is just to find out the security question).
This will direct you to their security question. This is the main step. Reaching this point won't take more than a few minutes.

Now if the security question is something like:

  • What is your home town
  • In what city or town was your mother born
  • Father's occupation...
These questions make your day simple, because at some point you will have learned the answers from the person himself.
So if you can guess the answer, you can reset the password.

Step 5:

Make an email account and you can reset the password. But wait for a vulnerable day: on Facebook they can get the account back within a day, so if you don't choose the right day your work is in vain.
      If this happens, Facebook will block this feature for some days, but it appears again after some days.

Precautions to take to secure your account:

  • If you can't keep a unique security question, it is better not to keep one.
  • It's better to open your account at least once a day.
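
A defender-side check for the first precaution above, as an added example that is not part of the original post: it flags a security question when it falls into one of the guessable categories listed earlier, or when its answer already appears in what the account shows publicly. The profile field names and the sample values are constructed assumptions.

```python
import re

# Question types the post lists as guessable by anyone who knows the owner.
WEAK_PATTERNS = {
    "hometown": re.compile(r"home\s*town", re.I),
    "mother_birthplace": re.compile(r"mother.*born", re.I),
    "father_occupation": re.compile(r"father.*(occupation|job)", re.I),
}

def normalize(text):
    """Lower-case and collapse punctuation so 'Pune, India' -> 'pune india'."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def audit_security_question(question, answer, public_profile):
    """Return findings for one question/answer pair.

    public_profile maps a field name (hypothetical names) to the value
    the owner displays publicly on the account.
    """
    findings = []
    for category, pattern in WEAK_PATTERNS.items():
        if pattern.search(question):
            findings.append(f"question type '{category}' is known to acquaintances")
    ans = normalize(answer)
    for field, value in public_profile.items():
        # Whole-word match, so 'pune' matches 'pune india' but not 'punetown'.
        if ans and f" {ans} " in f" {normalize(value)} ":
            findings.append(f"answer is visible in public field '{field}'")
    return findings

# Constructed sample data, not taken from any real account.
SAMPLE_PROFILE = {"hometown": "Pune, India", "work": "Teacher at City School"}

if __name__ == "__main__":
    samples = [
        ("What is your home town?", "Pune"),
        ("In what city or town was your mother born?", "Nagpur"),
        ("What was the name of your first pet?", "x7!Quartz-lamp"),
    ]
    for question, answer in samples:
        result = audit_security_question(question, answer, SAMPLE_PROFILE)
        print(question, "->", result or "no findings")
```

A question that produces any finding is not unique in the sense of the first precaution and is better replaced or removed.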