If your Facebook account was registered with a Microsoft e-mail address (Outlook, Hotmail, etcetera), you had better change your e-mail address: because of a security flaw caused by Microsoft recycling old e-mail accounts, anyone can now hack a Facebook account that is tied to one.
How Someone Could Hack A Facebook Account With A Microsoft Security Flaw
The strategy that some people use to hack a Facebook account with a Microsoft security flaw is as follows:
1. They create/buy a Facebook account with hundreds or thousands of friends. This is an important step as you need to have people as friends in order to make this method work.
2. They use the Facebook-Yahoo Mail e-mail service. This service is used to import your Facebook friends’ emails to Yahoo’s e-mail system similarly to how Facebook asks if you would like to add your e-mail contacts to Facebook.
3. The hacker then scrapes all of the Outlook, Hotmail, and other Microsoft e-mail addresses. They look for these specifically and ignore the other e-mail addresses.
4. They then check the e-mails manually or with a bot to see if they still exist. Microsoft “deletes” your e-mail as part of their e-mail recycling program if you do not check it in 6 months.
5. If the e-mail no longer exists, the hacker will create a new e-mail with the same name. This is where the security flaw is, as anyone can now register your old e-mail address.
6. They will then go back to Facebook and request a password change. Since the hacker now has access to your old e-mail, they can create a new Facebook password for your account.
7. Finally, they log into your Facebook account and repeat the steps. Accessing someone else’s friends list will also provide them access to your friends who may have the same vulnerabilities.
Please note that I have not tested this method out myself, so I do not know whether it does or does not work.
The Purpose of Stealing Facebook Accounts
The purpose of stealing Facebook accounts usually (although not always) falls into one of two categories: advertising or social signals. In the case of advertising, having access to a large pool of friends can give an advertiser the chance to promote products and services based on what the hacked user enjoys, as well as a chance to potentially gain access to more Facebook accounts by manipulating their friends. However, another common reason Facebook accounts are stolen is to gain social signals. By now, you should already be aware that your ‘likes’ and other interactions are worth money, but they’re worth even more if they’re coming from “genuine” accounts. Once procured, these accounts can either be used in social media campaigns or, assuming they’re popular or have a popular fan page, be sold to social media marketers for a large sum of money.
How To Protect Your Facebook Accounts
There are a few preventative measures that you can take to protect your Facebook account from someone who is looking to hack it using this method.
- Don’t use Microsoft e-mails to register your Facebook account.
- Change your Microsoft e-mail to a different one.
- Phone verify your account as an extra security measure.
- Phone verify your Microsoft e-mail account.
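To apply the measures above to your own accounts, the following added example (not part of the original post) audits a personal inventory of logins and flags those whose login e-mail is a Microsoft mailbox that is at or near the 6 months of inactivity described above. The inventory schema, the domain list beyond Outlook and Hotmail, and the 60-day warning margin are assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumption: consumer Microsoft mail domains. The page names Outlook and
# Hotmail "etcetera"; live.com and msn.com are added here.
MICROSOFT_DOMAINS = {"outlook.com", "hotmail.com", "live.com", "msn.com"}
RECYCLE_AFTER = timedelta(days=182)  # the page's "6 months" without a sign-in
WARN_MARGIN = timedelta(days=60)     # assumed safety margin, not from the page

def assess(entry, today):
    """Return (risk, reason) for one inventory entry (hypothetical schema)."""
    domain = entry["login_email"].strip().lower().rpartition("@")[2]
    if domain not in MICROSOFT_DOMAINS:
        return "ok", "login e-mail is not on a listed Microsoft domain"
    last = entry.get("mailbox_last_sign_in")
    if last is None:
        return "act", "unknown when this mailbox was last opened"
    idle = today - last
    if idle >= RECYCLE_AFTER:
        return "act", f"mailbox idle {idle.days} days, address may be recycled"
    if idle >= RECYCLE_AFTER - WARN_MARGIN:
        left = (RECYCLE_AFTER - idle).days
        return "watch", f"sign in to the mailbox within {left} days"
    return "ok", f"mailbox opened {idle.days} days ago"

def audit(inventory, today):
    """Assess every entry; list the ones needing action first."""
    order = {"act": 0, "watch": 1, "ok": 2}
    rows = []
    for entry in inventory:
        risk, reason = assess(entry, today)
        if risk != "ok" and not entry.get("phone_verified", False):
            reason += "; no phone verification on the account"
        rows.append((risk, entry["service"], entry["login_email"], reason))
    return sorted(rows, key=lambda r: order[r[0]])

# Constructed sample inventory (not real accounts).
SAMPLE = [
    {"service": "forum", "login_email": "alice@example.org", "mailbox_last_sign_in": date(2024, 1, 2)},
    {"service": "facebook", "login_email": "Alice@Hotmail.com", "mailbox_last_sign_in": date(2023, 1, 10)},
    {"service": "facebook-page", "login_email": "alice.biz@outlook.com", "mailbox_last_sign_in": date(2023, 9, 1), "phone_verified": True},
    {"service": "old-shop", "login_email": "alice.old@live.com", "mailbox_last_sign_in": None},
]

if __name__ == "__main__":
    for row in audit(SAMPLE, date(2024, 1, 15)):
        print(*row, sep=" | ")
```

Entries marked "act" are the ones to move to a different login e-mail first; "watch" entries only need a sign-in to the mailbox before the window closes.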