You probably got phished. Hackers post a link from one of your friends they've already hacked. You click it. It looks like the Facebook login page, but it's really a fake. You don't realize, and enter your info. They then have it and phish with your account.
There are a lot of ways that can happen... from you entering your PW on a site you THOUGHT was Facebook but wasn't... to keylogger malware that is monitoring what you type and sending it off to some server in Russia. (Hope you don't bank online!) http://siblog.mcafee.com/consumer-t...ord-reset-scam-threatens-computers-worldwide/ If you get an email with a link to a site that you may use and you think it is legit... bank, Facebook etc... never click on the links in that email... go to Facebook or your bank etc... via your Favorites or whatever... or even more safe is to type it in. (Beware that a single typo can lead you to a site that is trying to steal your PW though.) McAfee has a service called Site Advisor which can help you know when you are at the wrong place, and also will show you red Xs by sites known to host malware in Google search results etc... http://www.siteadvisor.com/ Make sure your AV software is up-to-date... but also any plugins (Acrobat Reader etc...) are exploitable. Firefox with the NoScript plugin is a pretty safe browser, but with anything you still have to think about what you are doing.
Yep... and sadly it is all too easy to do. There are hacker tools where they can point it at a domain and they can scrape the entire site in seconds... then they put it up at another domain like sportsstwo.com or whatever... and somehow trick people into going to that site... which has been modified to steal the password.