There is intelligent hackers surfing Facebook to get information to hack your Facebook account, or other accounts such as banking and such. To get people's password, they use a fishing scheme.

They will use a Facebook account that they stole or create a bogus account. They know people use past or present information for their passwords. It is easier for the person to remember a password if it contains something familiar to them.

For example, Bill creates a password using his dad's middle name Steven, favorite hobby fishing and a number 23. His password is Stevfish23#. Bill thinks no one will figure out his password.

Bill gets on Facebook and does a questionnaire on Facebook. In the questionnaire, it asks what your favorite hobby is. Bill says fishing. He thinks it is safe to say that since the password contains other information besides that.

However the hacker will record all the information you have available to everyone such as your father's name and such. The hacker may also start additional surveys besides just that one. The second survey may ask what your father's middle name is. You may not think it is the same person asking because they use a different hacked account so you answer it.

The hacker takes all the survey answers and tries different combinations of information you provided on an account of yours, like Facebook to see if a combination works.

Thing about sites requiring you to sign in, not all sites block you from trying to sign in if you entered your password more than 3 times. Therefore, the hacker can keep submitting guesses.

You might say that there is too many combinations of words letters, symbols and such for them to guess it. It would take too long. That is not true. There is software that hackers use that will try numerous combinations of letters, numbers, symbols and combinations till it finds the right combinations. It can do the combinations real fast (the interface of the site they are trying to sign in may slow it down, but they can still try the combinations. The results are faster if they have some or all of the password. They will take the answers you gave in the questions and put them in the software. The software will try different combinations till it succeeds or runs out of options.

Not saying all surveys are bad and from a hacker. Just informing you to be careful of the information you provide to the hacker.

You may say "I am a nobody! I am not worth it. I have nothing to provide the hacker. That is wrong.

If I wanted to hack into a federal agency, or civilian business or something that is worth hacking into but want to hide my tracks, I will use a hacked account. That way if their security detects the intrusion, they will see your account and not theirs. Many times they will use a hacked account to hack other accounts and then use the account to do what their goal is. If the tree of hacked accounts is long, the trail to the culprit gets harder.