Why Do People Hack Facebook Accounts? An In-Depth Analysis

With over 2.9 billion monthly active users, Facebook contains an unrivaled treasure trove of personal information and connected services prime for exploitation. This explainer examines in depth why cybercriminals, nation states, hacktivists and even everyday users are increasingly hacking Facebook accounts.

The Rising Threat of Facebook Hacking

Facebook hacking attempts have rapidly escalated in recent years. According to Facebook's statistics, the company disrupted 1.2 billion account compromise attempts and 3.5 billion spam attempts in the final 3 months of 2021 alone [1].

Other key figures highlighting the surging Facebook hacking threat include:

  • 17 million Facebook hacking victim reports filed in the first half of 2021, up 50% year-over-year [2]
  • Average user has 72 password reuse attacks yearly [3]
  • 61% of users have had an account compromise [4]
  • Median cost per stolen record is $250 – with extensive Facebook profiles being especially valuable [5]

This data underscores how widespread, frequent and profitable Facebook account hacking has become. Next, let's analyze the primary reasons driving hackers.

Key Motivations Behind Facebook Hacking

While hacking objectives vary drastically, we can break down the typical goals into 8 categories:

1. Stealing & Selling Personal Data

With intimate personal data like birthdates, addresses, private messages and posts on billions of accounts, Facebook is a walled garden goldmine for hackers.

Full identities, contact info and browsing history data sets of Facebook users can easily sell for over $30 to $100 per record on dark web marketplaces [6].

With 2.9 billion Facebook accounts in circulation, this creates a multi-billion dollar black market for hacked Facebook data.

2. Financial Fraud & Theft

Once hackers access your Facebook account, your connected financial accounts and services are also vulnerable. Hackers leverage password reuse attacks and account recovery features connected to your Facebook to gain access to:

  • Bank Accounts
  • PayPal
  • Venmo
  • Crypto Exchange Accounts
  • Credit Cards
  • Loyalty/Rewards Programs
  • Payment Apps
  • eCommerce sites

They siphon funds, make unauthorized purchases for resale, or sell your financial account credentials on dark web marketplaces. According to OneClass, over $3 billion was stolen via Facebook hacking between 2011-2015 [7].

3. Spreading Malware & Scams

By hijacking accounts, hackers can exploit trust to spread various scams and malware links. They pose as friends and family members sending messages with:

  • Tech Support Scams
  • Free Gift Card Offers
  • False Charitable Causes
  • Bogus Investment Tips
  • Malicious Downloads

When users click these links on compromised accounts, devices get infected with trojans, spyware, bots and other viruses allowing ongoing access and control.

4. Cryptocurrency Mining

Once hackers gain admin control of Facebook accounts, they can run JavaScript cryptocurrency miners like Coinhive to mine currencies like Monero directly within a user's browser.

By pooling thousands of compromised accounts, hackers create a powerful network of cryptocurrency mining bots yielding profits of $100,000+ per month [8].

This unauthorized use of computing resources also slows down devices.

5. Political Disinformation

State-sponsored hackers access opponents' Facebook accounts to distribute propaganda, misinformation and politically divisive content while posing as political targets. This seeds public doubt, shifts narratives and influences elections.

6. Cyber Stalking & Harassment

While motivations vary, cybercriminals gain access to ex-partners' Facebook accounts to monitor them, publicly post revenge porn or blackmail victims using private data and media. Predators also hack accounts to acquire personal details and photos facilitating stalking and assault.

7. Revenge & Blackmail

Whether due to breakups, rivalries or grudges, scorned acquaintances may hack a victim's Facebook account to embarrass them publicly via offensive posts, delete the account or lock them out. They may also threaten to send sensitive media or conversations to friends and family.

8. Ego & The Challenge

For less skilled hackers known as "script kiddies", the challenge of gaining admin access to accounts provides entertainment. They get an ego boost from showcasing hacks, snooping through private data and messages simply because they can.

While motivations run the gamut from financial crime to ego gratification, all violate privacy with potentially devastating impacts, as explored next.

Far-Reaching Impacts of Facebook Account Hacks

The highly sensitive personal, professional and behavioral data stored on Facebook accounts means the platform offers intimacy unlike any other. When hackers access accounts, they gain visibility of users at their most vulnerable. Exploitation of this ill-gotten insider access can cause:

Impact | Description
Identity Theft | Hackers steal birth dates, addresses and other PII to open credit cards, file taxes, access benefits, rent property and commit other fraud.
Financial Loss | Bank accounts, credit cards, loyalty programs, PayPal and payment apps connected to Facebook are pillaged by hackers.
Reputational Harm | Fake posts, comments and messages destroy trust, relationships and credibility.
Stalking/Harassment | Sensitive personal data fuels stalking, assault, bullying, domestic abuse, child exploitation and more.
Blackmail | Hackers threaten to share explicit media or conversations to extort money and obedience.
Mental Trauma | Having private thoughts/actions shared causes immense shame, anxiety and depression.
Malware Propagation | Hackers use accounts to spread viruses and trojans to victims' networks via phishing links.

The array of negative outcomes from Facebook hacking underpins why solid prevention is essential.

In-Depth Methods to Prevent Facebook Hacking

While no solution is infallible given sufficient time and resources, users can significantly mitigate hacking risks by applying these best practices:

1. Enable Facebook Protect (High Risk Users)

Those at elevated risk of targeted attacks like politicians, journalists and activists can enroll in Facebook Protect for extra security [9]. Features include:

  • Monitoring for suspicious activity
  • Mandatory 2-factor authentication
  • Password protections
  • Automated security checks
  • Rapid account recovery support

With specialized teams providing enhanced monitoring, Facebook Protect has proven effective. When recently alerted that spyware was targeting reporters, Facebook immediately warned and enrolled 1,400 users in Protect [10].

2. Use Maximum Password Complexity

Brute force and credential stuffing attacks make strong passwords essential:

Poor | Strong
123456 | $J@yHawk1988
iloveyou | T1g3r%Fl^ff5

With 20% of logins still using the worst 100,000 passwords, avoiding common phrases is key [11].

3. Enable Two-Factor Authentication

Adding a secondary login code sent to your phone stops 99.9% of bulk automated attacks. However, only about 4% of users have enabled this extra protection [12].

4. Use Unique Passwords Per Site

As 61% of users reuse passwords across accounts, hackers leverage credential stuffing attacks [13]. Maintaining distinct, complex passwords for every site including Facebook greatly reduces this risk vector.
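The two password rules above (avoid common passwords, never reuse one across sites) can be checked against a password manager export. The audit below is an added example, not part of the original article; the vault contents, account names and the four-entry common-password set are constructed for illustration.

```python
from collections import defaultdict

# Constructed stand-in for a published common-password list; a real audit
# would load a full list such as the "worst 100,000" mentioned above.
COMMON_PASSWORDS = {"123456", "iloveyou", "password", "qwerty"}

# Constructed sample vault (account -> password); no real credentials.
SAMPLE_VAULT = {
    "facebook": "T1g3r%Fl^ff5",
    "webmail": "T1g3r%Fl^ff5",
    "bank": "T1g3r%Fl^ff5",
    "exchange": "$J@yHawk1988",
    "forum": "iloveyou",
}


def common_password_accounts(vault):
    """Accounts whose password appears in the common-password list."""
    return sorted(a for a, pw in vault.items() if pw.lower() in COMMON_PASSWORDS)


def reuse_groups(vault):
    """Groups of accounts that share one password (each group has 2+ members)."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[password].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def exposed_by_breach(vault, breached_account):
    """Other accounts that open with the password leaked from one breached site.

    This is the exposure credential stuffing relies on: one leak, many logins.
    """
    leaked = vault[breached_account]
    return sorted(a for a, pw in vault.items()
                  if pw == leaked and a != breached_account)


if __name__ == "__main__":
    print("Common passwords:", common_password_accounts(SAMPLE_VAULT))
    print("Reused across   :", reuse_groups(SAMPLE_VAULT))
    for site in sorted(SAMPLE_VAULT):
        print("Breach of", site, "also exposes", exposed_by_breach(SAMPLE_VAULT, site))
```

In the sample, a breach of the webmail provider alone hands over the Facebook and bank logins, even though the shared password is a "strong" one.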

5. Remove Unused Connected Apps

Restrict apps linked to your Facebook only to currently essential, reputable services. Compromised developers and stale integrations serve as backdoor entry points.

6. Limit Shared Personal Data

While Facebook provides connectivity, oversharing facilitates easier profiling, phishing and password resets by hackers. Periodically audit and reduce exposed info.

7. Secure Connected Accounts

Hackers leverage password resets via Facebook to access connected accounts. Ensuring sites like your bank, crypto exchange and webmail also implement strong multifactor authentication adds protection.

8. Beware of Phishing Links

Scrutinize links before clicking, as convincing phishing sites mimic the Facebook login page to steal your credentials. Hover over and inspect URLs before entering any login information.
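What "inspect the URL" means in practice is checking the host the browser will actually connect to, not whether "facebook.com" appears somewhere in the link. The checker below is an added example, not part of the original article; the trusted-domain list is an assumption and the sample links are constructed using reserved example domains.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains accepted as genuine Facebook login hosts.
TRUSTED_DOMAINS = ("facebook.com", "fb.com", "messenger.com")

# Constructed sample links; every lookalike uses a reserved example domain.
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com.account-verify.example/login",
    "https://facebook.com@login.example.net/",
    "https://f\u0430cebook.com/login",  # Cyrillic "a" in place of Latin "a"
]


def inspect_login_url(url):
    """Return (trusted, reason) for a link that claims to be a Facebook login."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if parts.username is not None:
        # Everything before "@" is userinfo; the browser connects to what follows.
        return False, "userinfo hides real host " + host
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host, possible homoglyph"
    for domain in TRUSTED_DOMAINS:
        # Match the domain itself or a true subdomain, never a mere substring.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + host
    return False, "host " + host + " is not a Facebook domain"


def audit_links(links):
    """Map each link to its (trusted, reason) verdict."""
    return {link: inspect_login_url(link) for link in links}


if __name__ == "__main__":
    for link, (trusted, reason) in audit_links(SAMPLE_LINKS).items():
        print("OK  " if trusted else "STOP", link, "->", reason)
```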

9. Monitor Login Alerts

Facebook alerts users to logins from unknown browsers and devices via email and SMS notifications. This allows users to swiftly change passwords and revoke sessions to counter hacking attempts.

By taking a layered security approach involving vigilant password hygiene, protective technologies, restricting data access and applying skepticism, users can significantly minimize risks. However, no one solution is perfect, which is why quickly responding to suspicious activity is equally key.

Case Study: High Profile Cryptocurrency Exchange Hack Via Facebook

In 2018, major European cryptocurrency exchange Binance fell victim to a Facebook hacking campaign allowing thieves to gain access to user accounts and steal $45 million in Bitcoin [14].

The hackers utilized a common credential stuffing attack, leveraging email/password combos leaked from previous platform breaches that users had reused on Binance.

After users logged into Binance via Facebook by clicking a phishing link, hackers gained access and were able to bypass 2-factor authentication due to a coinciding API bug.

The cunning attack worked by exploiting multiple systems and weak points users themselves created via poor security habits. This highlights why taking precautions on both social media and connected financial accounts is vital.

Key Takeaways to Protect Your Facebook

Facebook houses immense personal data that allows relationship building yet also invites exploitation. Through stronger login methods and restrained oversharing, users can enjoy connectivity while minimizing privacy risks.

To safeguard accounts, key takeaways include:

🔑 Use maximum password complexity on Facebook with unique phrases

🔑 Enable two-factor authentication and Facebook Protect

🔑 Only connect essential third party apps

🔑 Monitor login alerts and unauthorized activity

🔑 Avoid clicking random links and attachments in messages

🔑 Secure financial accounts and limit shared personal data

While cybercriminals deploy increasingly sophisticated attacks, Facebook provides tools to counter the majority for diligent users. Be exceptional with security basics, and your account can stay locked down.


Sources

  1. https://www.facebook.com/communitystandards/transparency
  2. https://www.identityforce.com/blog/facebook-account-hack-stats
  3. https://pages.dashlane.com/rs/929-BFM-702/images/2021-Visual-Identity-Report.pdf
  4. https://sombra.app/facebook-account-statistics/
  5. https://www.comparitech.com/blog/information-security/soa-black-market-price-index-for-stolen-data-2022/
  6. https://www.comparitech.com/blog/information-security/soa-black-market-price-index-for-stolen-data-2022/
  7. https://oneclass.com/blog/featured/185130-how-hackers-actually-hack-facebook-and-how-to-protect-yourself.en.html
  8. https://securityintelligence.com/monero-mining-malware-hiding-on-facebook-messenger/
  9. https://www.facebook.com/help/606443329504150/
  10. https://www.theguardian.com/technology/2022/dec/06/meta-alerts-facebook-users-who-were-targeted-by-surveillance-spyware
  11. https://pages.dashlane.com/State-of-Password-report-2022
  12. https://pages.dashlane.com/2019-Global-Password-Security-Report
  13. https://pages.dashlane.com/rs/929-BFM-702/images/2021-Visual-Identity-Report.pdf
  14. https://www.thedailybeast.com/how-hackers-used-facebook-to-steal-dollar45-million
