Hacking is a journey: "Items Collection"

Eddie Mora
May 26, 2020

Hello community, today it's time to show you a sweet side of the hacking world, which is items collection.

So what does items collection mean in the infosec world?

As in normal life, you may know a person or a group of people obsessed with collecting rare and valuable things that may not exist anymore.

In this article, I will show the kind of items you can collect as a hacker.
I may lose this item after this article because it seems illegal in a way, and it can be used for malicious actions. Anyway, it's 2020 and I think it's time to show it.

So our item for today is the name of an email address that few people may have nowadays.
Imagine you open your mailbox and find this email from the Facebook Team.

It says "Account update" from Facebook-service. Today I can say it's clear that it's not a real message from Facebook, but 3 or 5 years ago it was one of the best ways to hack Facebook accounts. You need to know that it's not some kind of SMTP service or email spoofing attack; it's a real email address that I have owned for 10 years, with the name facebook-service.

Today it is no longer possible to create this kind of email address, because of the new filters used by email providers.

So what's the story behind this email address, and why do I still have it?

To answer this, let me take you back 5 years and look at how Facebook's email system worked.
Basically, 5 or 6 years ago, as a Facebook user you had the email address you created the account with, for example ‘EddieMorra@gmail.com’. It's a normal address where you can receive mail from anyone in the world and from which you can control your Facebook account.
But there was a hidden thing that few people knew about: a method that allowed other users to send you messages as a simple Facebook chat, even if they were not in your friend list.

This method was based on a second, hidden email address linked to your Facebook account, which let you receive emails from external addresses as a simple message in your Facebook chat.
Finding this hidden email address was easy: you could just take the name of the user you wanted to send something to and add ‘@facebook.com’, for example ‘EddieMorra@facebook.com’. By the way, the Facebook ID also worked for this feature.

Up to this point, everything seems normal, but now it's time to think outside the box and exploit this feature!
As you already saw, after sending an email from ‘tst@gmail.com’ to ‘EddieMorra@facebook.com’, Mr. Eddie will receive our message in his Facebook chat with the name we have in our mail, which is ‘test’.
But what if we have an email address with a special name,
for example ‘Facebook-service’, and why not update the picture in our email to the Facebook logo?
Mr. Eddie will receive a fake email from Facebook-service!
As a hacker, I used to send malicious links and scam pages to the victims, and it was one of the best ways to hack Facebook accounts in that period.

Unfortunately, this feature is no longer available, and you can't create email addresses with special names anymore.
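The provider filters mentioned in this post are not described in it. As an added illustration (not the author's code and not any provider's actual filter), here is one way a mail gateway or signup check could flag a sender whose display name or local part uses a protected brand name from a domain the brand does not own. The brand list, allowed domains, role words and sample headers are assumptions constructed for the example.

```python
import re
import unicodedata
from email.utils import parseaddr

# Assumed policy data, constructed for this example: protected brand names
# mapped to the domains allowed to send under them.
PROTECTED = {"facebook": {"facebook.com", "facebookmail.com"}}
# Words that make a brand name look like an official sender (assumption).
ROLE_WORDS = ("service", "support", "security", "team", "admin")


def tokens(text):
    """Lowercase, strip accents, split on anything that is not a-z or 0-9."""
    folded = unicodedata.normalize("NFKD", text)
    folded = "".join(c for c in folded if not unicodedata.combining(c)).lower()
    return [t for t in re.split(r"[^a-z0-9]+", folded) if t]


def impersonation_reason(from_header):
    """Return why a From header looks like brand impersonation, or None."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    for field, value in (("display name", display), ("local part", local)):
        joined = "".join(tokens(value))  # "Facebook-service" -> "facebookservice"
        for brand, allowed in PROTECTED.items():
            if brand not in joined:
                continue
            if domain in allowed or domain.endswith(tuple("." + d for d in allowed)):
                continue  # the brand's own domain may use its name
            kind = "brand+role" if any(w in joined for w in ROLE_WORDS) else "brand"
            return f"{kind} '{brand}' in {field}, sent from {domain or 'unknown domain'}"
    return None


if __name__ == "__main__":
    # Constructed sample headers; example.com stands in for a free mail provider.
    for header in (
        '"Facebook-service" <facebook-service@example.com>',
        "Facebook <notification@facebookmail.com>",
        "Eddie <eddie@example.com>",
    ):
        print(header, "->", impersonation_reason(header))
```

The same function can run at signup time by passing the requested address alone, since the local part is checked independently of the display name.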

This is a post from 2016 on quora.com talking about this feature.

In the end, I still have this email address because I'm a collector and I like to keep old stuff that reminds me of my start in the infosec field.