* Okay, imagine that I'm just after randomly finding your profile while browsing around Bebo. I read your introduction to see what you're all about and I've just noticed that you've posted your email address up for everyone to see. Straight away, I've found a weakness in your account. You see, most Bebo profiles are hacked via the email that is registered for that account. And I'll show you how.
* So anyway, I now know your email address and didn't even have to do anything special in order to find it. I open up another browser or tab and head straight to the Hotmail login form. I click on the "Forgot Password" link and I'm brought to another page. This page asks me to enter my email. But I don't enter my email. Instead, I enter yours. After entering your email address I am brought to yet another page. This time, I'm asked to enter a Postal Code and I'm told to answer your secret question. This is where I have some work to do.
* Let's say for example that your secret Hotmail question is "Mother's birthplace." I now know that I have to find out where your mother was born and where you live in order to get your postal code. I start looking for the postal code first. I go back to your Bebo page and see if you've listed where you live. If you've told people where you live, I'm feeling lucky. If not, I simply check the hometowns of your top five friends. Seeing as people usually have people from their own hometown as their top five friends, I'm going to assume that you're from the same place that they are. So, three out of five of your top friends are from Newcastle. Therefore I'm going to guess that you're from Newcastle. If I really want to be sure, I'll just check some of your other friends. I'll also scan your profile to see if you've written about any placenames. If you have, I'll just use Google to find out where it is. After finding out what county you're from, I simply head straight to Wikipedia and go to the UK Postal Codes page. In this example, imagine that you're from Newcastle. I scroll down to find Newcastle. And there it is. A postal code for Newcastle. Wallah.
* Now I need to find out where your mother was born. To try my luck, I'm going to try Newcastle, especially seeing as many people are careless enough to have such an easy question. If it's not Newcastle, I'm going to go back to your Bebo profile and have a closer look at your friends list. I'll check your relationship with each friend, noting down anyone who you called "Family." I'll then check to see where they're from. If there is one particular surname that is different from your own that keeps popping up, I'm going to assume that those are from your mothers side of the family. After finding out where they all live, or, after reading their profiles for clues to where they have lived, I'll head back to Hotmail and enter anything that I've found. If I do find it and I'm correct, Hotmail will bring me to a new page asking me to enter in a new password. I enter a new password and gain access to your account. I then change your secret question so that you cant get the email address back. Your account is now mine.
* I head back to Bebo and go to the login page. I pick the "Forgot my password" option. I'm now asked to enter an email address. I enter in your email address (the one that I just hacked) and press ok. An email has now been sent to your email address asking you to reset your Bebo password. The only thing is. I now own your email. So, I simply read Bebo's email and click on the link that they sent you (or thought that they were sending you). This brings me straight into your Bebo account and asks me to enter a new password. I enter a new password and your Bebo profile is gone forever. All because you were careless.
* But what if it was another secret question I hear you ask? Well, what if I set up a fake account pretending to be a hot member of the opposite sex? I say that I'm new to Bebo and that I need friends in order to make it look less empty. You of course are feeling too smitten to realise that something is up. I set up a blog that asks people loads of questions. I call it the personality tester or some other generic name that explains the reasoning behind me asking such questions. Hidden in between loads of other questions are the same ones that Hotmail have for their secret questions, all spread apart and worded differently in order to avoid giving you a memory trigger. However, you don't realise that anything is wrong because you're too busy wondering what kind of personality you have. Or you're too busy trying to stay pals with your new mate. I ask you to do my blog and you work away at it. You can't even remember what your secret question was because you set up your account so long ago. The truth is. You want to trust people. Even if you do realise that it is your secret question, you'll choose to trust me because that's what people want to do. You don't want to believe that I'm somebody trying to hack into your Bebo account. You'd rather believe that I like you. And without knowing, you've just handed me the answer to your secret question. Wham. Your accounts are gone. Social engineering just kicked you in the nads.
* What the email you have listed on your account isn't the one that you registered your account with? Well, I simply just ask you to add me, telling you that my Internet is slow and that it always freezes up when I make a friend request. You probably wont even ask why. You'll just do it. And when you do add me, I'll recieve a friend request from you. On your friend request will be your email address. Yes. The email address that you registered your Bebo profile with. I then just repeat the steps above. Wallah.
* Now, what if your profile is private? Well, I might test my luck. If I go to add you as a friend, I will be brought to a new screen. This screen will show me your Bebo username. It will also show me the top half of what you have written on your profile. If you've posted your email on your Bebo, even if its on private, I still might be able to see.
* If I can't hack your hotmail. I'll test my luck at guessing your Bebo password. First I'll try the password password. Yes. The most commonly used password in the world is password. People think that they're being smart, but they're not. I'll also try Password123, 123Password, abcPassword, Passwordabc, letmein etc. I'll try your username as your password. Or your name along with your birth year. So, imagine your name is John and you were born in 1987. I'll try John1987 or John87. I could test to see if your email address is your password or if your Bebo other half's name is your password. Maybe if your other half is called Mike, I'll try ilovemike or iluvmike. Or your name and Mike forever? Maybe the team you support? The band that you like? Your favourite song title. If any of these are ringing alarm bells, you know what to do! Change your Bebo password now.
* If I can't guess your password, I might use brute force. Brute force is when somebody uses a dictionary-attack program that will automatically keep trying different passwords on your Bebo account. What the program will do is load in a long list of common words that are found in the dictionary. Along with names, placenames, numbers and everything else that you can think of. This program will test these words on your account. It will test variations of those words. The good thing about Brute force programs is that they can take days if your password is a strong one. They may never even find it. The program would need to be running for days on end without being touched. And what could this result in? Nothing. However, if you do use common words in your password, this piece of software could crack your account in hours. As far as I'm aware, Bebo prevent brute force methods by cutting off access to the account after a number of failed attempts. So, if the program tries six passwords, and none of them match, it wont be able to try again for another hour, which basically means that it could take years for me to crack your account password if it's a strong one. And yet again, it might never find it.
* If none of the above work but I'm really wanting to get your password, I could set up a website. I could design it so that it looks exactly like the Bebo login page. The only difference is that the URL will be different. This is called phishing. If I sent the link to your page and you clicked on it, you could be confused, thinking to yourself that you thought you were logged in. You might then enter your account details into the forms without putting much thought into it. By doing this, you would be sending me your password and username. If you think that you might have been fooled by this trick, change your Bebo password now.

So, you've seen how I could do this. Now its time to make sure that it cant happen.

1. Make sure your password is strong. Don't use words that relate to you. Don't use words that can be found in the dictionary. Don't use names as passwords or common phrases. Use random characters, and make it long. Imagine how hard it would be to crack a password such as %h7!lq43f!;yuy? Just make sure that you remember the password that you're using.
2. Know what your secret question is. Make it so that it can't be guessed. If you really want to be sure, change your secret questions answer to a long sentence of random characters.
3. Do not give out your email address to the public. This means not giving it out to Bebo MSN bands that swap "addys."
4. Be aware of people asking you to add them as a friend on Bebo. Why are they asking you to add them? Why don't they just add you?
5. Don't go around sending random Bebo friend requests to people.
6. Be aware of strangers asking you strange questions. Make sure that you realise what your secret question is. This way, you'll know if somebody is trying to con you.
7. Be aware of phishing sites that pretend to be Bebo. If you were logged in and suddenly you're on page that is asking you to log into your Bebo account again. Look at the websites address to make sure that it is www.Bebo.com or Bebo.com. Anything else is a fraud.
8. Don't trust your friends. This means, do not give out your password. Don't enter in your Bebo password when others are watching.
9. Regularly change your password.

I'd like to remind you that hacking is illegal and that everything you do on the Internet leaves behind a digital fingerprint. Systems are in place to catch hackers. If you attempt to hack, you may face a large fine or even imprisonment. So ask yourself, is that really worth hacking a Bebo account?