39 comments on “How to hack any Facebook account in under a minute, by sending just one SMS”

  1. I think the guy got paid 20k USD rather than GBP.

    1. Graham CluleyGraham Cluley · in reply to Martijn

      You're quite correct. I've fixed the article. Poor guy – that's even worse than £20,000!

      Thanks Martijn.

      1. Sean · in reply to Graham Cluley

        Does this method still work or has it been fixed

        1. Graham CluleyGraham Cluley · in reply to Sean

          The vulnerability has been fixed.

  2. spryte

    Interesting stuff… Gives one food for thought.

  3. Retard! He should have kept that method to himself and controlled accounts that had big fan pages. He could have made 20k+ per day from posting on big fan pages.

    1. Black Bloc · in reply to John K. (@CheapestGasEl)

      Some people have ethics, you know?

  4. Trip

    should have been awarded more.. unlucky!!

  5. shahid shakeel
  6. chabota

    my account got hacked and the hacker got my facebookpage do you know any one in facebook that can hrlp or can you hack him for me all i have is his ip address

  7. Rajesh Kumar

    I am facing some problem to open my facebook account and someone hacked my account and they changed everything under setting, please can you send me the password to open that account

  8. Phil

    Can u please help me hack my wife's fb account I know she's cheating thanks

  9. jabin

    Pls…… give me a video…

  10. Nitin

    Hii thanks for your info. I am from India and I want to hack some cheaters facebook account. But as you mentioned that the first thing we have to do is to send a message contains letter f to facebook. But to which number should I need to send as I was in India

    1. Graham CluleyGraham Cluley · in reply to Nitin

      Send your contact details to Facebook's security team. I'm sure they'll be interested in what you're trying to do…

      1. sadat · in reply to Graham Cluley

        How can I hackf FB account I want to hack could you please hack this account.

      2. Jim Dibb · in reply to Graham Cluley

        Some dumb individuals read your blog…

  11. arman khan

    my id suspended how can open my id please solve my problem and open my id

  12. Sophie Scott

    Can the person track your number, especially if they have your contact number?

  13. john gotti


  14. raza

    i am facing a problem with my facebool ID i just set the
    mobile login approval on my account but someone hack my ID and nw i
    am not getting a verification code and with that i don`t have any
    device in which i was login before and the 3rd thing is i am also
    not able to see my number on the verification code page

  15. texasgirl2010

    hey, im having trouble on the part where you
    "alter parameter ids from your own to the victim"
    where do I go to do that? what form is it? is it under our
    settings? im so lost on that part.

  16. sofia

    I have reported many times, a fake facebook account someone
    made under my name. Friends have reported it, and yet Facebook does
    nothing about it. Do you know what else can I do? Thank you! I have
    a USER ID but i Cant get an email from this fake profile, an email
    would probably help to find out who did it!

  17. roshan

    i know a security issue of facebook by which anyone can send message to anyone s profile as anyone on facebook… i want to contact facebook security team but how??

    1. Graham CluleyGraham Cluley · in reply to roshan

      Details on how to report Facebook vulnerabilities:


  18. nancy

    was wondering the other day I was on my facebook and I was
    chatting with someone and it got weird acting the home page and a
    chat box open and I was talking to someone in another chat box on
    there and the other chat box had no name or anything but said dummy
    on it and then it went away , did you even here of this and I only
    have 3 people on my facebook

  19. Entailed

    After finding out someone was pretending to be a specific model, I told this individual of my findings and then they blocked me. Someone else already reported this person and nothing has been done to strip the profile from facebook. Why doesn't facebook do anything about fake profiles? Thank you.

  20. Stranger


    i was adding a ph. no to my fb account. and the no. added was the id of my 2nd account and now I am not being able to access my 2nd account. Both the accounts have same password and id and still both are active. Now, when I type the id and password i can access only one account.

    Now, how to access the other one??? What went wrong??

  21. Lakshi

    you mean to say that facebook does not actually hide the number they ask for confirmation code??

  22. Shafie Madengu

    Am failling to open my account due to login approvals codes
    that i secured. I lost my codes so help me out.

  23. Vishu

    Its free or does it cost something…..

  24. ManBearPig

    He said the vulnerability has been patched. As if
    he's going to hack an account for you even if it
    wasn't patched, how stupid are you people? If
    you're worried about Facebook security, then
    don't post things you wouldn't want getting out.
    Or better still, get rid of your FB account, seriously, why anyone
    would want to openly profile themselves on the internet is beyond
    me. You're handing all the blackhats out there a gift
    should they decide to target you. All for what? Some narsisistic
    self glorification? Anyone who is serious about security either
    understands the risks, and works accordingly or they don't
    have a FB account. I got rid of mine and i miss nothing (except
    hourly updates on what people are eating, when their house is
    empty, and how special they think they are because they had a
    child, like people haven't done that for thousands of
    years!) . Facebook will go down as one of the biggest scams in
    history for obtaining endless quantities of personal information
    for free from willing participants who blindly enter in all their
    details, then they sell it on to advertisers who can then target
    advertising at these people. BTW Graham, nice blog mate, read it
    daily is a beauty.

  25. Paul Taylor

    Millions of lines of code should be no excuse. At some
    point, someone who should have known better has broken a
    fundamental principle of website security design. Facebook must
    have code-review procedures that are followed before any code goes
    live, so someone should have reviewed that code to ensure that it
    followed basic security principles. You should never rely on a
    username or ID sent from the web browser to authenticate a request
    unless the ID is accompanied by a password that only the real
    account holder could know, or unless the request is part of a
    session that has already been authenticated. This demonstrates a
    systematic failure in Facebook’s security procedures. If they can
    make such basic errors then can we really trust any such

  26. emma clark

    my fb id has been disabled !! :( :(
    i dnt have either a passport or a driving license that they ask for :'(
    how can i get my id back as it was my life :/ :( :'(
    plzz help me !!

  27. chukaman

    oh my gosh all the real morons come out to comment on a story like this one…

    graham, would two factor facebook auth have made any difference here? i'm guessing not, because the third party cellphone would be able to generate a working one time pin as well, or am i wrong here?

  28. Fire360Boy

    facebook & yahoo is verrry poor in security

  29. Are all these noobs retarded? "Help me to hack facebook accounts"!
    I'm glad you don't discriminate (read censor), otherwise i couldn't lmao with these peeps! ;)

  30. Time Roy

    Are all these noobs retarded? "Help me to hack facebook accounts"!
    I'm glad you don't discriminate (read censor), otherwise i couldn't lmao with these peeps! ;

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.