I think I'll add my two cents here. The most probable ways you'd get caught are:
a) If the users notice suspicious activity
b) If you log into many accounts in a small time frame from the same IP address.
Obviously everything you've done has been logged, but if you don't attract attention to your activities, then chances are the admins will not pay attention to them because of the large volume of logs facebook keeps.
If you used a good chain proxy (like tor) and didn't do anything stupid, you should be OK. But you also don't want to make posts like this, since if there's even a remote link from your user info here to your user info on facebook, you just moved yourself that much closer to being caught. While no one in the hacker community would call this hacking, it's still illegal and is considered hacking by the people that would prosecute you. Basically, disguise your traffic source, cover your tracks where possible, and don't draw attention to yourself. Oh, and here:
Check this out before engaging in future activities. It'll give you a good idea of what's legal and what's not.

EDIT: I just reread your post. Changing the passwords of multiple users will definitely attract attention. The facebook admins will notice multiple similar complaints coming at the same time, and if a common IP address sent the reset requests, then you've pretty much lost any hope of not being noticed. In that case, if you didn't use a proxy, well... you can try changing your IP address, assuming you have a dynamic one, but that's about all. Your ISP will have a record of your previous addresses, so if facebook decides to investigate and respond in a legal manner... hate to say it, but you could find yourself in some trouble. Email hacking could be called identity theft or impersonation, as well as hijacking the facebook accounts and logging in as the victims. That's also multiple instances of unauthorized access, among other things. If this is the case and you actually did all this from your personal computer without the protection of a proxy, then change your IP a few times, remove all traces of your activities, ask the admins to remove this post, stay quiet about it, and hope facebook has more important things to give their attention to than tracking you down. And in the future... don't let your curiosity carry you away without knowing what you're getting into.

Last edited by fourthdimension; 19Jan2009 at 21:33..
iAmCodeMonkey like this