Phishing is still the most popular attack vector used for hacking Facebook accounts. There are variety methods to carry out phishing attack. In a simple phishing attacks a hacker creates a fake log in page which exactly looks like the real Facebook page and then asks the victim to log in. Once the victim log in through the fake page the, the victims "Email Address" and "Password" is stored in to a text file, and the hacker then downloads the text file and gets his hands on the victims credentials.
Keylogging is the easiest way to hack a Facebook password. Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A Keylogger is basically a small program which, once is installed on victim's computer, will record every thing victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address.
3. Stealer's
Almost 80% percent people use stored passwords in their browser to access the Facebook. This is quite convenient, but can sometimes be extremely dangerous. Stealer's are software's specially designed to capture the saved passwords stored in the victims Internet browser.
Session Hijacking can be often very dangerous if you are accessing Facebook on a http (non secure) connection. In Session Hijacking attack, a hacker steals the victims browser cookie which is used to authenticate the user on a website, and use it to access the victims account. Session hijacking is widely used on LAN, and WiFi connections.
Sidejacking attack went common in late 2010, however it's still popular now a days. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim is on the same WiFi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards WiFi users.
Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are a lots of Mobile Spying software's used to monitor a Cellphone. The most popular Mobile Phone Spying software's are: Mobile Spy, and Spy Phone Gold.
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original Facebook page to his own fake page and hence can get access to victims Facebook account.
If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the Internet browser.
If the victim and attacker are on the same LAN and on a switch based network, a hacker can place himself between the client and the server, or he could act as a default gateway and hence capturing all the traffic in between.