1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacked 30.000 Facebook Accounts, still noone cares...

Discussion in 'BlackHat Lounge' started by wiso4151, May 28, 2015.

  1. wiso4151

    wiso4151 Regular Member

    Joined:
    Mar 22, 2013
    Messages:
    472
    Likes Received:
    169
    Location:
    Just Do It.
    A few weeks ago i met a guy who steals/hacks facebook/instagram/twitter/... accounts on a big scale. I thought i share his method because it's a security issue and needs to be solved or not....


    1. Get a facebook account with 5000 friends
    2.Get friends e-mails with facebook to yahoo e-mail service
    3.take all the hotmail,outlook,etc e-mails
    4.insert them into a bot that checks if the account exist or not(microsoft kills your e-mail if not checked for i believe half a year)
    5.create a new e-mail with same name....
    6.request password change -> change password
    7.log into the account and repeat the steps (you should get plenty of new oppertunities for hackable accounts because you start with 1 account get 10 new accounts and so on....)
    -> he automated the whole process and got 30.000 facebook accounts with plenty of friends etc.

    if you start with a 5000 friends account you should get an average of 10-50 new accounts since a lot of people seem to use the mentioned services.

    facebook can't do a thing against this (unless phone verification)

    it's a security lack by microsoft and any other e-mail service that kills e-mails if not checked often enough.

    just let this thing exist and perhaps this will get noticed and a few people understand why their accounts got hacked...

    Oh and btw if your instagram account gets hacked,pished whatever its most likely him and his friends doing it on a big scale. I know he gets about 1-2 million followers a week by hacking/stealing with the mentioned method and another exploit he did not expain me yet

    noone cares...sad

    *if you need targeted e-mails -> simply add targeted friends in facebook and do the same yahoo thing and you should get a bunch of real e-mails for cpa and all that...
     
    • Thanks Thanks x 3
    Last edited: May 28, 2015
  2. bukake

    bukake Newbie

    Joined:
    Jun 27, 2013
    Messages:
    42
    Likes Received:
    8
    interesting .. ....
     
  3. wadehel

    wadehel Newbie

    Joined:
    Apr 27, 2015
    Messages:
    34
    Likes Received:
    7
    Occupation:
    degree student
    Location:
    CPU
    is it that easy?
     
  4. archon10

    archon10 BANNED BANNED

    Joined:
    Oct 10, 2011
    Messages:
    1,181
    Likes Received:
    8,223
    Wait, are you saying Microsoft reuses old emails? I kinda doubt it, although Yahoo announced that it would and tons of people bitched about it. It's a huge security flaw to allow reuse of email addresses and I would be surprised if Microsoft allows it.
     
    • Thanks Thanks x 5
  5. wiso4151

    wiso4151 Regular Member

    Joined:
    Mar 22, 2013
    Messages:
    472
    Likes Received:
    169
    Location:
    Just Do It.
    yes, they do...

    did it myself... it's a lot of work checking 200 hotmail... e-mails and check them, but if you automate the whole thing with a bot you can basicly hack more than enough to damage a lot of people
     
  6. archon10

    archon10 BANNED BANNED

    Joined:
    Oct 10, 2011
    Messages:
    1,181
    Likes Received:
    8,223
    welp, I guess they do http://www.pcworld.com/article/2052586/microsoft-is-quietly-recycling-outlook-email-accounts.html

    stupid retarded
     
    • Thanks Thanks x 6
  7. Raza Rizvi

    Raza Rizvi BANNED BANNED

    Joined:
    Oct 20, 2013
    Messages:
    339
    Likes Received:
    269
    True. I used to do this 4 years ago. But it only worked with hotmail.
     
    • Thanks Thanks x 1
  8. asap1

    asap1 BANNED BANNED

    Joined:
    Mar 25, 2013
    Messages:
    4,961
    Likes Received:
    3,185
    And you just spilled the beans on their method....so sad

    Plus this wont help get it fixed because its been the same for years, more people will start doing it.
     
  9. wiso4151

    wiso4151 Regular Member

    Joined:
    Mar 22, 2013
    Messages:
    472
    Likes Received:
    169
    Location:
    Just Do It.
    guess what happens if more people start doing this...
     
  10. asap1

    asap1 BANNED BANNED

    Joined:
    Mar 25, 2013
    Messages:
    4,961
    Likes Received:
    3,185
    Nothing.

    This has been going on for years and like you said your friend or whatever has automated the process and is hacking them by the thousands.
     
  11. Dioni

    Dioni Jr. VIP Jr. VIP

    Joined:
    Nov 21, 2014
    Messages:
    1,140
    Likes Received:
    410
    Gender:
    Male
    Location:
    Kosovo, Albania
    Home Page:
    Yeah I knew this method, used a yeas ago. But I used it to recover facebook accounts for my friends. Stealing facebook from someone it doesnt make you feel good!
     
    • Thanks Thanks x 1
  12. wiso4151

    wiso4151 Regular Member

    Joined:
    Mar 22, 2013
    Messages:
    472
    Likes Received:
    169
    Location:
    Just Do It.
    the more people notice this the more care... i'm not someone who keeps things that already damage at this size.

    you can't keep your mouth shut forever. at some point people need to fix this or it will always keep being something that can be used to damage a lot of people.
     
  13. phatzilla

    phatzilla Jr. VIP Jr. VIP

    Joined:
    Apr 9, 2009
    Messages:
    1,388
    Likes Received:
    1,024
    Confused about this part:

    2.Get friends e-mails with facebook to yahoo e-mail service


    How does somebody get your @hotmail email from facebook? isn't that private information?




    also, which email providers does this work with? Hotmail, yahoo? any others?
     
  14. wiso4151

    wiso4151 Regular Member

    Joined:
    Mar 22, 2013
    Messages:
    472
    Likes Received:
    169
    Location:
    Just Do It.
    great the first one who wants to repeat the method. already a success !

    1.- you can use services like yahoo to import your facebook friends to their e-mail system.
    it's the same facebook does when you register. it asks you to invite your e-mail contacts to be a friend with you.
    now yahoo asks if you want to add your facebook friends e-mail to your contacts... that way you can get every single e-mail of every facebook friend you have.
    great thing if you target friends and want to send e-mails to them.....


    that my friend is something you got to check for yourself... many...
     
  15. phatzilla

    phatzilla Jr. VIP Jr. VIP

    Joined:
    Apr 9, 2009
    Messages:
    1,388
    Likes Received:
    1,024
    I dont have the time or patience to actually use this, im just very surprised if it actually works...seems like a huge flaw.

    Would have to change my registered emails asap
     
    Last edited: May 28, 2015
  16. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,502
    Likes Received:
    8,428
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    that just might be enough for them to finally do something about it

    but yea, that's a huge security risks, fuck me if i care about facebook, but if the email acc can be re-registered, you can get access to any account which was linked to the email account originally and you can request a password change just by specifying the email address on the "forgot my password page", you can get into paypals etc.
     
  17. wiso4151

    wiso4151 Regular Member

    Joined:
    Mar 22, 2013
    Messages:
    472
    Likes Received:
    169
    Location:
    Just Do It.
    paypal funny story....
    i know a few sites where
    you can buy paypal accounts for $50 and get $500 in retunrn if you cash out (costs*10=paypal money)

    if you find the right people this hacking thing gets really crazy

    but i think anyone can guess why they sell those accounts instead of cashing themselves
     
  18. Neon

    Neon BANNED BANNED Jr. VIP

    Joined:
    Nov 3, 2013
    Messages:
    3,107
    Likes Received:
    7,705
    Gender:
    Male
  19. wiso4151

    wiso4151 Regular Member

    Joined:
    Mar 22, 2013
    Messages:
    472
    Likes Received:
    169
    Location:
    Just Do It.
  20. ShazzyBlackhat

    ShazzyBlackhat BANNED BANNED

    Joined:
    May 2, 2015
    Messages:
    184
    Likes Received:
    57
    where to get the bot which checks the email still exists or not?