“Hey, I need a help from an ethical hacker like you. My husband is cheating / someone kidnapped my child / someone is threatening me. Could you hack someone’s Facebook or phone?”
You’d be surprised how often I get messages like this through various channels – several times a month. The answer is always the same: I can’t help you. Even though some reasons are legitimate – if someone kidnapped your child, I’d obviously want to help if I could.
How Hacking Actually Works
First of all, hacking as practiced by ethical hackers/pentesters is almost exclusively a business-to-business affair. The clients of ethical hackers are companies with applications, ideally before public launch. We hack these applications – before anyone else can – to secure them. In practice, this means the applications you see (and those we’ve hacked) are already secure. When we break into an application, it’s so the developer can fix the vulnerabilities and prevent external breaches.
Additionally, many companies, especially large ones, offer rewards for finding vulnerabilities – easily ranging from tens of thousands to millions of dollars. These are called bug bounty programs. Meta (Facebook, Instagram, WhatsApp) paid out $4.4 million in bug bounties in 2025 alone as of this writing (October 2025), and $25.5 million historically. Apple offers $2 million for a vulnerability that leads to breaking into an updated iPhone without any clicks. Google, Microsoft, and Intel offer at least $250,000 for serious vulnerabilities.
This means two things:
- These services themselves are incredibly well-secured. You can’t just “hack” Facebook in an afternoon.
- If I could hack Facebook, I’d go straight to Facebook for those hundreds of thousands to millions of dollars they’re offering. I’d invoice them properly, have legal income, and could buy a house. If I helped a desperate user with their infidelity suspicion instead, I’d risk prison. And I assume none of the people making these requests are thinking about paying even tens of thousands, let alone hundreds of thousands of dollars.
“But Someone Hacked My Account”
Of course, account hacks still happen. But it’s an account hack through user error, not a “Facebook hack.” People make stupid mistakes. Someone sends them a link, after clicking it looks like Facebook’s page, they enter their username, password, maybe even two-factor authentication, and the account is gone. This brings me to the second most common request – “they hacked my account, hack it back.” Unfortunately, this won’t work either. The service’s support team could help you, not a hacker. But since your value as a user to most services is worth a few dollars a year (from ads you see), support usually won’t even respond, and you have no choice but to create a new account. The cost of technical support dealing with your hacked account is simply more expensive than your value to their business. Mainly because you’ll solve the problem yourself and likely return – with a different account.
So if account hacks still happen, can’t I hack an account? Three reasons why I won’t:
- It’s unethical and very likely illegal. It’s called an ethical hacker, which should suggest they don’t break into other people’s accounts.
- Just because it happens broadly doesn’t mean it’ll work in a specific case. Many people fall for it and click a link and enter their password. But that doesn’t mean the owner of the account you want to hack will do it – they probably won’t. Success rates are quite low. With so-called “spray and pray” tactics: 0.01% – 0.5%. For targeted attacks, sources cite between 1% and 20% with the best targeting, which also requires phone follow-ups. So in practice, it’s very unlikely to succeed. Moreover, gaining account access is only part of success – with end-to-end encrypted communication, hacking an account might not even get you the message history. Plus, such a hack will be detected almost immediately.
- Another option is hacking the end device or gaining account access through means other than obtaining login credentials. Count on days to weeks of work. The man-day rate for freelancers is somewhere between $700-$3,000. That’s per day of work. Let’s calculate a standard rate of $1,500 per day and 10 days of work – so the answer to “my husband is cheating” could easily cost you $15,000 – and even then, no one guarantees it. After 10 days, you could get a perfectly normal answer: “oops, it didn’t work” – and you still have to pay (usually upfront). Because most people understand that the answer to “is my husband cheating” isn’t worth $15,000, most hackers don’t even offer these services. The price is based on the market and opportunity cost. If a hacker is hacking your husband, they’re not hacking for a corporate client who’ll pay that amount without hesitation.
These three reasons apply to me simultaneously. Besides, I’m out of practice – I don’t do penetration testing and ethical hacking anymore. I’ve essentially never hacked end devices; I focused on server/backend system security. So besides such an assignment not interesting me at all, I’d probably be even slower because I’d be doing it for the first time (except basic phishing campaigns, which we obviously did regularly when testing companies).
So for the question of whether your husband is cheating, try finding out by asking him. If someone is harassing you, report and block them. At worst, change your contact details. It’s not an ideal solution, but it works better than hacking. And it’s significantly cheaper. Occasionally changing your phone number is good hygiene – it removes several weird people from your life. For me, not using a phone number at all has worked well. People can only reach me through encrypted connections and data; if someone tries via phone, they’re out of luck.
Child abductions by one parent are something where I wish this calculation worked out differently and help was possible. In these cases too, passport revocation, international cooperation, and investigation work better, even with private detectives’ help. I haven’t experienced a single case where it worked through hacking.
Conclusion
Movie hackers who crack codes in three minutes with a gun to their head, or hack city traffic lights from the passenger seat like in the movie Hackers, are (un)fortunately fictional characters. Hacking is demanding work, usually taking days, especially if you care about who you’re hacking. Broad-scale hacks are certainly possible and common, which is why phishing campaigns target millions of people, where even 0.01% success means profit.
Professional ethical hackers focus on corporate system security. In IT, we have a joke: when someone tells a database architect “you work with computers, could you fix my printer?” Transferring this to another domain, it’s like asking a fisherman if he could milk a cow – after all, he works with animals.
“Bad advice” to conclude: Prevention is best. Don’t let yourself be hacked. Strong passwords. Be very careful where you enter login credentials. If you’re not sure, close the browser window and rather do nothing. Attackers often create a sense that something must be done immediately or something bad will happen – they’ll cancel your account, transfer money, or similar. It’s almost never the case. If someone calls you, hang up and call the official helpline – find the number yourself on the website. It’s easy to fall for it – even for professionals. Don’t make hasty decisions and be careful. Ethical hackers very likely won’t help you. By very likely, I mean 99.99%.
If the question involves cryptocurrency, I also recommend the article “How not to fall for a cryptocurrency scam,” which is also in my book Cryptocurrencies – Hack your way to a better life.
Hacking is super fun and can be used to improve lives, but that doesn’t mean a hacker will help you in situations you think they will.
P.S.: I no longer do ethical hacking in IT – I’ve moved on to other things. So trying to convince me that I can probably help you specifically is pointless. I’m out of practice.