We cannot deny the importance of social media websites in our daily life. A social media or social networking site helps people connect with their friends, family, brands, celebrities and so on. We share a lot of information on these websites, including personal and financial details such as location, photos and messages. This is the reason why hackers prefer to hack social media accounts for their bad intentions.
![](/uploads/1/2/6/4/126473252/874511700.jpg)
Facebook introduced a semantic search engine called Graph Search in March 2013. It was the giant social media site’s biggest foray into online search. Most analysts said that Facebook’s social search is not strong enough to challenge Google as the world’s dominant search engine, but that it will certainly take away quite a sizeable search share from Google, especially on local information.

Hack any Facebook user’s photo/video Albums. This vulnerability was found by me in 2015 that allowed me to take down any albums on Facebook. Albums with thousands of photos and videos can be deleted instantly without the interaction of its owner. Graph API is the primary way of communication between the server and native/third party apps.
How can hackers hack Social media accounts?

Not every internet user is educated enough to understand how to protect their social media accounts. So in this article, I’m going to mention some of the most popular methods used by hackers to hack social media accounts and how to make sure that you won’t get hacked using those methods.

1. Phishing

Phishing is very easy and is considered a n00b technique, but it is one of the most effective techniques to hack social media accounts. There is a 50-50 chance for a hacker to get the victim’s password using phishing if the victim is not aware of basic internet terminologies.

There are various ways of carrying out a phishing attack. The most common one is where a hacker creates a replica of a login page which looks like the real social media page. The victim thinks it’s the usual social login page, so he enters his login details in the phishing page. Once the victim is logged in through the fake page, the email address and password are stored in a text file or in the hacker’s database.

How to detect a Phishing Page?

- Check the URL of the login page.
- Never log in to your social media account on other devices.
- Use modern web browsers that identify the phishing page.
- Avoid emails or text messages that ask you to log into your social media account.

2. KeyLogging

Keylogging is one of the easiest ways to hack a social media account. A keylogger is a program that records and monitors the user’s input and keeps a log of all keys that are entered. The keylogger can actively send your inputs to hackers via the Internet. You have to be very careful while dealing with keyloggers because even computer experts become victims of keylogging.

How to detect Keyloggers?

- Scan your USB drives before using them.
- Download software from trusted sites only.
- Use a good antivirus.

3. Man In The Middle Attacks

In this method, the hacker secretly relays and possibly alters the communication between the server and the victim, who believe they are directly communicating with each other. The hacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the hacker. The hacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of a wireless access point can insert himself as a man-in-the-middle.

How to avoid MITM attacks?

- Use VPN services.
- Use a proxy server to access the internet.
- Use a good antivirus with good firewall options.

4. Social Engineering

Social engineering is a simple method that’s based on collecting as much info from the victims as possible. The information may include the date of birth, phone number, security questions etc. Once a hacker gains access to this info, he can brute force the info or use recovery methods to get login passwords.

How to avoid Social Engineering?

- Never share personal info via email or phone.
- Avoid links from unknown or suspicious sites.

5. Session Hijacking

When you log in to your social media account, your browser and the social media’s server maintain a session for user authentication. The session details are saved in your browser’s cookie files. In session hijacking, the hacker steals those cookies and then accesses the victim’s account.
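On the server side, the session cookie described above can be made harder to steal through its attributes. The following Python check is an added example, not part of the original article: it audits the `Set-Cookie` headers of a response for the `Secure` and `HttpOnly` attributes and for a long `Max-Age`. The sample headers are constructed, and the three-day threshold is an assumption borrowed from the article's cookie-clearing advice.

```python
MAX_SESSION_AGE = 3 * 24 * 3600  # assumption: three days, in seconds


def audit_set_cookie(value):
    """Audit one Set-Cookie header value; return (cookie_name, findings)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0]
    flags = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key:
            flags[key.strip().lower()] = val.strip()
    findings = []
    if "secure" not in flags:
        # Without Secure the browser also sends the cookie over http://
        findings.append("no Secure: cookie is sent over plain HTTP too")
    if "httponly" not in flags:
        findings.append("no HttpOnly: cookie is readable by page scripts")
    max_age = flags.get("max-age", "")
    if max_age.isdigit() and int(max_age) > MAX_SESSION_AGE:
        findings.append("Max-Age %s s: cookie persists longer than 3 days" % max_age)
    return name, findings


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    return dict(
        audit_set_cookie(value)
        for name, value in headers
        if name.lower() == "set-cookie"
    )


# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Max-Age=2592000"),
    ("Set-Cookie", "sid=def456; Path=/; Secure; HttpOnly; Max-Age=3600"),
]

if __name__ == "__main__":
    for cookie, findings in audit_response(SAMPLE_HEADERS).items():
        print(cookie, findings or "ok")
```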
![A Social Hack On Gmail Users Graph A Social Hack On Gmail Users Graph](http://2.bp.blogspot.com/-awDE37ee4sg/UxoJRlE4WyI/AAAAAAAAAFo/1cfv4RA5Q98/s1600/2014-03-07+09_58_50-How+to+Hack+Gmail+,+Facebook+with+Backtrack+5+or+Kali+linux+-+All+Tech+Hacks.pdf.png)
Session hijacking is most common when accessing social media websites on an HTTP (non-secure) connection, and it is widely used on LAN and Wi-Fi connections.

How to avoid Session Hijacking?

- Do not use social media websites when connected to shared Wi-Fi or LAN.
- Try to clear cookies every 2-3 days or, if possible, daily.

6. Saved Passwords

Most of the time we share our login and credit card details in the web browser. Anyone can see your social media account from your browser’s password manager. A hacker can get physical access to your computer and insert a USB programmed to automatically in the Internet browser or any other information the hacker may need.

How to avoid Password Hacking?

- Try not to save passwords in web browsers.
- Do not share your device with people.
- Block the device connectors.

7. DNS Spoofing

If a hacker is on the same network as the victim, he can change the original page and replace it with his own fake page and easily gain access to the victim’s social media account.

How to Avoid DNS Spoofing?

- Always configure it to be secure against cache poisoning.
- Manage your DNS servers securely.

8. Botnets

Basically, botnets are networks made of remote-controlled computers or bots. These bots have been infected with malware that allows them to be remotely controlled. It’s expensive to set up botnets, which makes them rarely used in cases of hacking login accounts. Some very popular botnets include spy eye and.

How to avoid Botnets?

- Keep all your software up to date.
- Ensure that your firewall is always on.
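The phishing section above advises checking the URL of the login page. As an added example (not from the original article), this Python function shows what that check means in practice: the decision rests on the parsed hostname, not on whether the service's name appears somewhere in the address. The hostnames under `.example` and `.test` are hypothetical and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: hypothetical hosts that really serve this service's login page.
TRUSTED_LOGIN_HOSTS = {"www.social.example", "login.social.example"}


def check_login_url(url):
    """Return the reasons not to trust url as the login page (empty = OK)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None:
        # Everything before '@' is userinfo, not the site being visited.
        problems.append("userinfo before host")
    if not host.isascii():
        # Look-alike letters from other alphabets can imitate a known name.
        problems.append("non-ASCII host")
    if host not in TRUSTED_LOGIN_HOSTS:
        # Exact match only: a trusted name used as a subdomain does not count.
        problems.append("untrusted host: " + host)
    return problems


# Constructed sample URLs.
SAMPLES = [
    "https://www.social.example/login",
    "http://www.social.example/login",
    "https://www.social.example@evil.test/login",
    "https://www.social.example.evil.test/login",
    "https://www.soci\u0430l.example/login",  # Cyrillic letter in place of 'a'
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check_login_url(sample) or "ok")
```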
Google patched a hole in its Gmail verification system last week that allowed an attacker to hijack a targeted Google Gmail account.

The discovery was made by Ahmed Mehtab, a security researcher and founder of Security Fuse. The hack is simple to execute and requires fewer than a dozen steps to pull off.

The hack exploits an authentication or verification bypass vulnerability in a Gmail feature that allows you to send email from a second Gmail account. Mehtab said the attack is “similar to account takeover but here I — as an attacker — can hijack email addresses by confirming the ownership of email (account).” Exploiting the hack, an attacker can send email as if it was being sent from the compromised account. In addition, the attacker could have email forwarded to the compromised Gmail address.

The hack has one big prerequisite, however. The Gmail account targeted for hijacking must either be blocking emails sent from the attacker’s account, or be deactivated or be tied to a nonexistent Gmail account. Under these scenarios, Mehtab was able to send email as and.

Google confirmed with Threatpost both the vulnerability and fixing the flaw.

What the attack did not appear to allow Mehtab to do, of the hack posted by Mehtab, is access the contents of the targeted Gmail account or access related Google Account services such as Google Drive, Photos and Play where personal and financial information is stored. The hack is tied to the way Google handles linking a primary Gmail account to another email address to allow the function of message forwarding and using email aliases. In a video, Mehtab shows how he was able to trick Google into adding an email account to an existing account.

To pull off the hack, Mehtab first went to his Gmail’s Settings menu and selected the “Send Mail As” option, then “Use Gmail to send from your other email addresses” and “Treat as an alias.” From here, as the video shows, Mehtab forces Google to send a verification email to add the Gmail address to his account to the nonexistent Gmail address that delivers a bounce back email message. Now Mehtab can access that bounce back message and pluck out the verification code number and successfully add the account to his Gmail account.

“Any Gmail address which is associated or connected with Gmail’s SMTP was vulnerable to this security issue,” Mehtab wrote. That includes @gmail.com, @googlemail.com or @googleemail.com, according to Mehtab.

“There is a scenario where attacker can trick victim in deactivating his account or attacker can also trick victim in blocking his email address,” he said.
![Social Social](/uploads/1/2/6/4/126473252/114518872.png)
“Once he does that we can hijack his email address easily.”

Mehtab disclosed the bug to Google on Oct. 20. Google addressed the flaw the same day. On Nov. 1, Google added the bug to its “Hall of Fame,” according to Mehtab. “One of the sad parts in this research is that I was not rewarded for such a serious security issue but they acknowledged my research and listed me in Hall of fame,” he noted in his blog outlining his research.