How do hackers hack an Instagram/ Facebook ID?

Ever wondered how hackers hack your social media accounts? The truth is 'Hackers know a 'way' to access a victim's account.

In today’s world, everyone uses social media platforms, and for each social media platform, we get a separate account. And oftentimes, they are hacked. Or in simpler terms, someone takes over our account. I mean, we all know someone whose Facebook ID was hacked in the past.

So in this post, I would try to explain how hackers hack an account. Because if you know how they are doing it, you have a general idea of how to protect yourself.

Hackers know a ‘way’ to access a victim’s account.

I am not kidding. Hackers know a way to access a victim’s account. Generally, they choose one of the following ways to ‘hack’ someone.

Hackers have an exploit

This is the most obvious way which most people think hackers use. They think that hackers know a way to access anyone’s account without entering a password, or they have access to everyone’s credentials.

But now, think about it rationally. For instance, let’s talk about Facebook. It is one of the biggest companies in the world. They are spending millions of dollars on security. In fact, they will happily pay millions to anyone ready to enhance or fix their security. So supposedly I know a way to get into their systems and steal their data, I would have two choices:

  • Help them fix their security, earning wealth and fame
  • Live in constant fear of being tracked down someday and earning pennies hacking someone’s social media accounts.

Now at this point, most people would choose choice 1, since it is a lot safer, and generally speaking, a lot more profitable. So if your account was hacked, there is a slim chance that an attacker has utilized this method.

You went to cyber café

Okay, going to a cyber café is not a bad idea. But browsing on social sites on other computers is a bad idea. Suppose you have visited a cyber café, open a web browser, and log in to your Facebook account. And after using, you have closed the browser window. But Facebook has this convenient feature that you don’t have to log in again unless you log out of your account. Since you have not logged out, any person who will use that computer, later on, will have access to your account. Account Hacked!! Simple isn’t it. All a hacker has to do is wait and strike while the iron is hot.

But I don’t use cyber cafés, and even my account was hacked!

If you fall in this category, then probably you are responsible for your demise. Reason?

Your password is weak and easy to guess

Oops, did I hit a nail? Did you really think no one’s gonna think your password could be Password@123 or yourname@site? As an attacker, if I am targeting a specific person, I would probably try commonly used passwords with your email. It would take some effort, but there are tools like Hydra, which can automate this process. And not to mention, they are free.

But my password is unique and not guessable!!!

Okay, suppose you have a Facebook account with the following credentials:

  • Email: iamsafe@gmail.com
  • Password: kvtrhkl%$@2145!

Now, this password is close to impossible to guess and you always log out of your account. But are you safe now? Not really. There can be Data breaches.

A data breach is when an attacker hacks any company and leaks all the data online. For instance, if Facebook is hacked someday, then a hacker can leak all the data. But even if Facebook is not hacked (obviously chances are slim), you are still at risk. Many websites offer the functionality to create an account to access their websites. Generally, those websites are not that secure. And frankly speaking, humans have the tendency to make things easier. They will not make unique passwords for each website. Instead, they will reuse the password. Or they will make passwords in a specific pattern.

Supposing you have an account on three websites: Facebook, Site1, Site2. Email used on all websites were the same and password used was kvtrhkl%$@2145!, kvtrhkl%$@2146!, and kvtrhkl%$@2148! respectively. An attacker has leaked credentials of all users for Site1 and Site2. So a hacker with access to those credentials can easily predict your password for other accounts by recognizing the pattern kvtrhkl%$@214_! where _ is a number. You know the rest I think.


How do I protect myself!!!???

Now that you know your account might get hacked in the future, the question is how do I protect myself?  

1. Use long and secure passwords

Ensure that your password is long and not predictable. No password is impossible to crack. But a good password is a password that is difficult to crack. Here’s a great website to check your password’s strength: https://www.passwordmonster.com

2. Change the password regularly

Changing password at a regular interval (like 3 months) is a great way to protect yourself. Even if your password was leaked in some data breach, it would be useless for a hacker if a specified time has passed.

3. No guessable passwords

If your password was abcd@1234 and after three months, you changed it to abcd@12345, it is basically giving away your password for the next iteration. So using passwords following a specific pattern is a bad choice.

4. Enable 2FA

2FA stands for two-factor authentication. Basically, you will get an OTP (One time password) on your phone or email every time you log in. This gives you an extra layer of protection.

5. Check if your credentials were leaked in a Data breach

How? Just try https://haveibeenpwned.com


Even after doing all that, your account can’t be 100% safe. But it would be 99% safe at least. I hope you liked the article and would be safe from cyber threats ✊


I am a Software Engineer/ Penetration Tester, with specialization in web applications and APIs. I love reading cyber security articles to keep me up to date. I also know python, C# and few other popular languages. linkedin