facebook password retrieve scam

I was having a boring moment typing a document when Facebook blinged with me being tagged somewhere. A couple of minutes later another friend shared this status:

There is a nasty script out there. People will ask you to open development console and inject hex codes to retrieve facebook emails and passwords. This is just a hoax which will keep on tagging your friends in pictures.

So, is there really a nasty script out there? Another friend of mine, Sherven, pinged me a few days ago enquiring about the same thing. At that moment I had only been tagged once and I simply complained to the tagger about why he tagged me. I didn’t bother looking further. Well, at that time I wasn’t tagged in a retrieve Facebook password thingy, it was a Valentine’s event page. Today when I was tagged in the password thing, I thought of hacking into it a bit. See screenshot on the right.

At the time of today’s tag, the post had obtained 42 shares, above 800 likes and above 6000 comments. Each comment has on average 30 names (tagged), which makes nearly 200,000 people tagged already. (/_^)

I won’t go through the moral of “open your eyes to whatever you click”; instead I’ll share a simple piece of knowledge with you folks. Web services such as Facebook, Gmail, Twitter, etc. do not store your passwords in plain text. So, even if someone develops a method to retrieve some information from Facebook’s database, it would only be a hashed password, a scrambled value rather than the password itself, and of no use to the common user.

Another thing you might ponder over: if someone really develops a method to acquire Facebook’s user passwords, why in the world would he/she make that available to the masses for free? The world isn’t so generous yet. Moreover, even if someone did such a thing, it would reach the media first and foremost, and Facebook would react incredibly fast. If you look at the different tagging dates, you will notice it’s been around for days. Do you think the media or Facebook itself is so slow to detect this? If you think so, then you’re a genius, I can’t really be of help to you.

Now, for the technical fun I opened the link to have a look at the code. I could understand nothing about it. That’s the first caution why I would not run such a thing in my browser’s development console. To confirm my doubts, I searched for the link in Google, to see if it’s referred somewhere else or somebody might have blogged about it. The URL is => http://pastebin.com/raw.php?i=pEjiAjXb

I couldn’t find that specific link mentioned in a blog or forum, but instead I found a YouTube video using the same code to automatically change the Facebook theme. I was like big lol! This is a super code then. You can use it to retrieve passwords, change the Facebook theme, and maybe tomorrow other uses will show up as well.
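A script that is unreadable because its strings are written as hex codes, like the one described above, can be made readable by decoding it as plain text instead of pasting it into the console. The sketch below is an added example, not the pastebin code or anything from the original post; `SAMPLE`, the function names and the `WATCH` list are made up for illustration.

```javascript
// Added example: read a hex-escaped script as TEXT; nothing here executes it.
// SAMPLE is constructed for illustration and is not the pastebin script.
const SAMPLE = String.raw`var _0xab=["\x58\x4d\x4c\x48\x74\x74\x70\x52\x65\x71\x75\x65\x73\x74","\x50\x4f\x53\x54",
"\x63\x6f\x6f\x6b\x69\x65",'\u0068ttps://example.invalid/tag'];`;

// Turn \xNN and \uNNNN escapes back into readable characters.
function decodeEscapes(text) {
  const re = /\\\\|\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})/g;
  return text.replace(re, (m, x, u) => {
    if (!x && !u) return m; // an escaped backslash, leave untouched
    const code = parseInt(x || u, 16);
    const ch = String.fromCharCode(code);
    // Keep control characters, quotes and backslashes escaped for readability.
    return code < 0x20 || code === 0x7f || "\"'\\".includes(ch) ? m : ch;
  });
}

// Pull out every quoted string literal and decode it.
function extractStrings(text) {
  const literal = /(["'])((?:\\.|(?!\1)[^\\])*)\1/g;
  return [...text.matchAll(literal)].map((m) => decodeEscapes(m[2]));
}

// Hypothetical watch list: names a reader should look up before trusting a script.
const WATCH = ["XMLHttpRequest", "fetch", "eval", "cookie", "http://", "https://"];

function flagStrings(strings) {
  return strings.filter((s) => WATCH.some((w) => s.includes(w)));
}

const strings = extractStrings(SAMPLE);
console.log("decoded strings:", strings);
console.log("worth a closer look:", flagStrings(strings));
```

Save the suspicious script to a file and pass its contents to `extractStrings` with Node.js; a script that claims to show passwords but whose decoded strings are all about sending requests is doing something other than what it advertises.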

