Some social engineering skills and Facebook will gift your account to hackers

If you want to hack a Facebook account you don’t need a malware or high-profile techniques, all you need is social engineering and photoshop skills and Facebook will gift you the desired account just like they did with Mr. Aaron Thompson.

A Facebook user shared his story on Reddit explaining how a hacker was able to get into his Facebook account without having any access to his email or password but just with the help of a fake passport. It all started when Mr. Thompson realized he’s being a victim of identity after losing access to his Facebook account.

What actually happened is that some hacker sent an email to Facebook claiming he is Aaron Thompson and wants Facebook to remove all security measures from his account as he has lost access to his mobile phone number. “Hi. I don’t have anymore access to my mobile phone number. Kindly turn off code generator and login approval from my account. Thanks.”

In reply, Facebook asked the hacker to send a scanned copy of his ID card or a photo in order to “confirm you own the account.”

The hacker then sent a passport image file to Facebook which was also forwarded to Thompson’s email account along with a response: “Thanks for verifying your identity. You should now be able to log into your account.”

While Thompson had no idea what’s going on he realised he has been locked out of his account allowing the hacker to have full access to his Facebook profile and business pages. The unknown hacker then sent a pic of his private parts to Mr Thompson’s fiancee.

At that moment, Thompson contacted Facebook with email screenshots trying to prove that someone has hacked his account by sending fake emails and passport ID he has nothing to do.

He also contacted Melanie Ensign of Facebook on her Twitter about the incident and received a prompt reply resulting in restoration of his account:

Aaron Thompson thanked Facebook for restoring his accounts but also left advice for the company to think about:

“This hacker was able to submit this request and hack the profile in four hours, all while I was sleeping. I didn’t even have time to see that someone was requesting this. There was no notification on Facebook, no notification on my cell phone.

“Given the severity of the theft of information, if someone were to hack into your account, I think Facebook should freeze the account to see if the owner does eventually use the original email or phone number to get back into the account.”

Thanks to his Reddit post which went viral and Facebook restored the compromised account but it also left a question mark on Facebook’s security and privacy measures as anyone with social engineering skills can fake anyone’s identity and trick Facebook into handing over their accounts to someone else.


. . . . . . . .

Leave a Reply