Securely Import Your Buddies in Facebook Without Getting Hacked!

First a couple of notes:
1. I have tested this method only with Gmail, but it should work with any email client or web-based email service that lets you export your contacts in VCard format, the address book format that is accepted by almost all major and minor email clients I know of, Microsoft Outlook™ and Outlook Express™ being prominent ones! So, if ISPs such as Yahoo, Hotmail, or AOL offer options to export your contacts in VCard format, you should be able to follow my method.

2. I have tested this technique only with Facebook, but it should work with any social networking site that lets you import your buddies in VCard format.

So let us begin. I am trying hard to keep this article shorter and less boring than my previous articles ;)

If you are on Bev Clement’s newsletter (I really suggest you subscribe), you might have noticed messages from her about Facebook account hacks popping up in your inbox from time to time. I really appreciate her alerting others about things such as these. Anyway, I know about one of the most common reasons behind this hack, and I am going to tell you how to keep your account safe from hackers!

Almost all social networking sites offer you an "easy" way to import your buddies into your network with one click: the ubiquitous "login into your email account" tool I am sure many of you are familiar with. The tool looks very tempting because it is probably the easiest and quickest way to import and add your friends to your social network.

In case you don’t understand what I mean, here is a screenshot of the tool from Facebook. Almost all social networking sites offer similar tools:


Sure, Facebook may not store your login information, but that does not matter; similarly, it does not matter if no one except you has access to your PC. Imagine that spyware is sitting on your PC and you don’t even know it! Since the page is insecure (I wonder why no social networking site cares to secure that page with SSL), the "login data" you enter in the above page is "cached" or stored by your browser (this does not happen when data is passed through a secure, https:// connection)!

The spyware sitting on your PC reads the information and passes it to the appropriate sources (i.e., the hackers), who are only too happy to hack your email account and spam your contacts! ;-)

Sure, you may get lucky the first time, the second time, or even the third time, but luck won’t favor you forever! Sooner or later your email account will get hacked, and you will have no one to blame except yourself!

In the span of just a month, the email accounts of two of my buddies got hacked (and funny enough, neither of them knew about it until I notified them), and I suspect the culprit behind these hacks is one of those "login into your email account and import your friends" tools offered by almost all social networking sites these days (of course, there are many other ways in which hackers can steal your sensitive data)!

Unless a page is secured with an https:// connection, you should NOT enter sensitive data (such as your email account password, or credit card information) through that page!

Let me tell you of a better way to import your friends (and no, I am not so dumb headed as to suggest adding friends one by one into your network ;) )

First, log into your Gmail account, then click on the "Contacts" link on the left hand side! You will be taken to a page that looks somewhat like this:

From the drop-down menu, choose the type of contacts you wish to export (I suggest you don’t change the default option of "My Contacts", for whenever I have selected the "All Contacts" option I have got a lot of "false positives" in my contacts list! :D)

Then choose the export format. Of course, you should choose the "VCard" option as that is the universally accepted format for address books!

Next, log into your Facebook account, then click on "Friends=>Find Friends" from the top menu:

Click on the "Import Email Addresses" link on the right.

You will come across the same page whose screenshot I showed you at the start of the article, but instead of using the first option, you will use the third option, that is – "Microsoft Outlook Express, Thunderbird, Apple Mail and others. Upload a contact file and we will tell you which of your contacts are on Facebook":

Select and upload your VCard file using the browser upload tool. In a few minutes, your address book will be successfully imported. Rarely, Facebook may show a connection timeout error, in which case you should retry the import process!
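Before uploading, it helps to look at what the exported file actually contains, for example to spot the "false positives" mentioned earlier. The following is an added example, not part of the original article: it parses a vCard export, handles folded lines and grouped properties such as item1.EMAIL, and separates cards with an email address from cards without one. The sample contacts are constructed, and a vCard 3.0 layout is assumed.

```python
import re


def unfold(text):
    """Undo vCard line folding: a line starting with space or tab continues the previous one."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()


def parse_vcards(text):
    """Return one dict per card: {"name": str, "emails": [str], "other": [property names]}."""
    cards, card = [], None
    for line in unfold(text):
        if ":" not in line:
            continue
        head, value = line.split(":", 1)
        # Drop parameters (";TYPE=...") and a group prefix ("item1.") from the property name.
        prop = head.split(";", 1)[0].split(".")[-1].upper()
        if prop == "BEGIN" and value.strip().upper() == "VCARD":
            card = {"name": "", "emails": [], "other": []}
        elif card is None:
            continue  # ignore anything outside a BEGIN/END pair
        elif prop == "END":
            cards.append(card)
            card = None
        elif prop == "FN":
            card["name"] = value.strip()
        elif prop == "EMAIL":
            card["emails"].append(value.strip().lower())
        elif prop not in ("VERSION", "N"):
            card["other"].append(prop)
    return cards


def review(text):
    """Split cards into those with an email address and those without one."""
    cards = parse_vcards(text)
    usable = [c for c in cards if c["emails"]]
    skipped = [c["name"] or "(no name)" for c in cards if not c["emails"]]
    extra = sorted({p for c in cards for p in c["other"]})  # other fields in the file
    return usable, skipped, extra


# Constructed sample export; names and addresses are made up.
SAMPLE = (
    "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Alice Example\r\nN:Example;Alice;;;\r\n"
    "item1.EMAIL;TYPE=INTERNET:Alice@\r\n Example.test\r\nTEL;TYPE=CELL:555-0100\r\nEND:VCARD\r\n"
    "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Mailing List Bot\r\nNOTE:auto-added\r\nEND:VCARD\r\n"
)
```

The third value returned by `review` lists every other field present in the file (phone numbers, notes and so on), which is also sent along when the file is uploaded.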

Note that sometimes Facebook may present you with a different interface than the above page for importing emails, in which case, you should click on the "Upload Contact File" link on the right:

The biggest benefit of using this option is that you are not entering your email account’s login information on an insecure page, yet you are still able to import your contacts just fine!

So, does following my technique guarantee that your email account will never get hacked? Of course not, but it should surely minimize the chances of a hack. Also remember to use a strong password for your email account, preferably one that is 8-10 characters long and contains at least one numeric and one special character!

More importantly, you should change your passwords regularly, at least once every 2-3 months if you are too busy! If you use Gmail, you should also opt to log in to your email account using an https:// connection instead of an http:// connection! More information here.

If you use the Gmail notifier tool, you will need to make some changes in your system registry when you switch to a secure connection. More information here (scroll down that page until you see a yellow box with information on https).

Memorizing and keeping track of complicated passwords is not an easy task. As I have confessed many times on this blog, I use Roboform both for password generation and password storage. Hmm, now does not that sound like an ad? :D

Oh, and by the way, if you wish to connect with me, here is a list of my social networking profiles (more would be added soon).

Now, is not this article short and sweet? I also hope that it is not that boring either! So, how about posting a nice comment below! :D


  1. Laura

    Arindam, you are just a fount of vital information! Thanks for all the useful tips in this post.

  2. Chandan

    Thanks for the tips Arindam. I knew how to export email IDs from Gmail but I was not aware of importing in Facebook.

    I am a little bit lazy to change my password. I got a good lesson and now I have to continue changing my password.

  3. Mark

    That vulnerability has been around a long time. One of the reasons I wouldn’t join. It wasn’t til I figured no one would want to be me that I did ;)

  4. Affiliates Mania

    Arindam, I love your tips. Thanks for sharing with us :)