How your facebook password was stolen, and why


by Dave Michmerhuizen & Luis Chapetti – Security Researchers

Here's something we hear regularly at Barracuda Labs…

“My mom called me and said that someone posted something bad on her facebook.  How did they do that? What should I tell her?”

Our two-part answer is simple.  First, mom probably clicked on something and unwittingly gave it permission to post to her wall.  Second, there is always a possibility that mom had her password stolen.   She should change her Facebook password at once, as well as change the password on any service where she might have used that same password.

Facebook passwords do get stolen.  Below is one example of how that happens.


It starts with a message like this one that spreads from one wall to another.

Clicking on the link in the message opens up what looks like a Facebook login page.

Facebook will pop up a login page in certain situations to make certain that you are properly authenticated.   In this case the login page is entirely fake and is not part of Facebook at all.

Suppose you were in a hurry and didn't take time to look at the URL of the page.   If you fill in your information and press the Login button, here's what happens:

As you can see in the image, your exact username and password are sent off to the Russian domain.   Once this is done, the browser is sent to a Facebook-themed 'survey' site.
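As an added defender-side illustration (not code from the original post or from Barracuda), here is the check a URL scanner or browser extension could run on a page like the one above: parse its forms and flag any password field whose form would submit outside facebook.com. The trusted-suffix list, the placeholder domain and the sample HTML are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts that may legitimately receive Facebook credentials (assumption: facebook.com and subdomains).
TRUSTED_SUFFIXES = ("facebook.com",)


class _FormCollector(HTMLParser):
    """Records each <form> action and whether that form contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_trusted_host(host):
    """True only for a trusted suffix or a real subdomain of it; lookalikes such as facebook.com.x fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def find_credential_leaks(page_url, html):
    """Return absolute URLs of password forms that would submit credentials to an untrusted host."""
    parser = _FormCollector()
    parser.feed(html)
    leaks = []
    for form in parser.forms:
        if not form["has_password"]:
            continue  # search boxes and the like carry no password, so ignore them
        target = urljoin(page_url, form["action"])  # relative or empty action resolves to the page's own host
        if not is_trusted_host(urlparse(target).hostname):
            leaks.append(target)
    return leaks


# Constructed sample imitating the fake login page described above (placeholder domain, not a real indicator).
PHISHING_HTML = """<form method="post" action="http://phish.example/collect.php">
<input type="text" name="email"><input type="password" name="pass">
<input type="submit" value="Log In"></form>"""
```

Running `find_credential_leaks("http://phish.example/fb-login.html", PHISHING_HTML)` returns the collector URL, while the same form served from and posting to facebook.com returns an empty list.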

These 'survey' sites offer some gift in exchange for participating in an endless cycle of marketing schemes, many of which ask for personal information and none of which ever deliver the promised gift.

The remaining question is why criminals steal Facebook passwords, and there are three good answers.

1. Personal information on your Facebook account can be used to piece together full-fledged identity theft.

2. A stolen Facebook account is the perfect vehicle for carrying out the Stranded Traveler scam.

3. Survey scammers such as the ones shown here have to start their viral campaigns somewhere, and a stolen account, with its hundreds of trusting friends, is the perfect place to start.


With the new Facebook Timeline rolling out this week, users should be particularly careful with the personal information they make available on their pages.  As always, Barracuda Networks recommends that you be cautious with what you click on and change your password regularly as a matter of course.
