Phishing Attack: is the most popular way of stealing other’s password. Popular by the name of fake login (among those who knows it!!) the users land on a page where they are asked for their login information and they enter their username and password thinking it to be a real page but actually it is other way round. It submits all the details entered to the programmer or the coder.
Community Links: Many times you are provided with a link to a community in a scrap. Read the link carefully, It may be something like http://www.okrut.com/Community.aspx?cmm=22910233 OKRUT not ORKUT. Clicking on this link will take you to a fake login page and there you loose up your password.
Orkut New Features: I have come across a page that looks like they are giving the user a choice of selecting new features for orkut with your ID and password, of course!! When user submit the page, there goes his ID and password mailed to the coder.
Java script: You must have seen the circulating scraps that asks you to paste this code in your address bar and see what happens! Well sometimes they also leak out your information. Check the code and if you are unsure of what to do, then I recommend not to use it.
Primary mail address: If by some means a hacker came to know password of your Yahoo mail or Gmail, which users normally keeps as their primary mail address in their Orkut account, then hacker can hack Orkut account by simply using USER ID and clicking on ‘forget password’.This way Google will send link to the already hacked primary email id to change the password of the Orkut account. Hence the email hacker will change your Orkut account’s password. Hence your Orkut account hacked too.