Facebook account hacking service could lead you into danger


HackbookA website which offers an easy way to hack into Facebook accounts could actually lead users into unexpected danger, a security researcher has warned.

Joshua Long says that he stumbled across the French-language “Hack-Face” website, which claims to serve up a password to access anyone’s Facebook account, after he received a spam comment on his own blog.

Amusingly, the site at first claims to offer a “recovery” service if you find yourself locked out of your own Facebook account (maybe you’ve been drinking the sherry too much, and forgotten what you changed your password to) but very rapidly becomes more up-front and acknowledges it can be used to break into anyone’s account on the social network.

Facebook hacking service

But what the site would *really* like you to do is create an account with them.

Of course, if you’re one of the many people who is still using the same password for multiple websites that’s a very bad idea. After all, you could have just given this “Facebook-hacking” website the same password as the one which protects your own Facebook account!

That would certainly be quite a sneaky way of building a database of usernames and passwords.

Josh wasn’t slow to spot the irony:

If someone stumbles upon this site and tries to use it to hack someone else’s Facebook account, they may end up getting their own account hacked instead.”

Things can get even worse still, however.

If you attempt to hack (sorry.. recover the password for) a Facebook account, you will be prompted to send a couple of SMS text messages to a number which appears to be related to premium rate services.


Although there’s no obvious mention of it on the website, each message may cost the sender €4.50, and who knows if you are effectively signing up to receive more costly and nuisance messages in the future.

You should never trust a website which offers to hack into an account for you. If you’ve lost access to your own account, contact the website’s support team and learn how you might be able to regain access. And never forget that breaking into someone else’s account is a criminal act.

You can read more about this threat on Josh’s own blog, and further details on the Intego blog.

If you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.

Tags: , , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , , ,

2 Responses

  1. Neil Schwartzman

    August 8, 2013 at 1:53 am #

    they have a whack of similar domains on the nameservers

    piratage-facebook .com
    piratage-facebook .ws
    pirater-face .com
    pirater-facile .com
    pirater-un-compte-facebook .com
    pirater-un-facebook .com
    pirater-un-facebook .ws
    pirater-wifi .com
    pirater .co
    pirater .org
    piratercompte-facebook .ws
    piraterfacebook .ws
    piraterfacebooks .fr

    • Carson in reply to Neil Schwartzman.

      August 9, 2013 at 9:50 am #

      Thats always an indication for a legit company.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.