It's actually pretty common especially if the user is using ...
1. A single common password for multiple accounts: 0ne password for email, banking, Twitter, Facebook, etc...;
2. A single and too simple word for their password or worse
3. 12345 or password for their password or other too easy password which everyone should know by now not to use.
As for hacking a teen's webpage?
1. A fellow teen who enjoys the jerkish challenge to break and vandalize the user's Facebook feed.
2. Or others hack into Facebook for Phishing campaigns. The hey! Look at this link where the link sends the clicker to some malware or spyware program.
The best thing is to have your daughter associate her Facebook account to her respective cell phone and any other device where she can access the network. So if someone tries to access her account from another 'suspect' location, she'll get an email indicating that she needs to change her password.