Facebook has announced that hackers log in to hacked Facebook accounts 600,000 times (not all of them successfully) in 24 hours. Until now we only had to worry about our password: that it is different from the ones on our other accounts (email, other websites), that it is strong, and that it does not get stolen (Trojans, keyloggers). Facebook has added a new feature, called “Trusted Friends”, for regaining your account if it is hijacked. You select three to five friends who will each get a code, and if you enter those codes you get access to your account. You might think that this is a good thing and that it will get you back into a hijacked account, but that is only one side of the coin. You might also ask: if this feature was created to help you, how can it have another side?

About 800 million users are on Facebook, but some of them are fake accounts created by people with no good intentions. Some use those accounts to send spam messages, others to gain access to the restricted information of a person they are interested in without that person knowing. This last one does not sound harmful, and there are parents who do this, which I find creepy. Fake accounts are worth nothing on their own, but having many friends makes them valuable. Most Facebook users accept friend requests from people they don’t know, and that is good for fake accounts. If you continue reading, you might reconsider and delete some of them.

Now we are going to link the “Trusted Friends” feature with fake accounts. Imagine that some of your friends are the fake accounts of someone who wants to access your account. He can easily gain control of your account by using “Trusted Friends” and selecting his own accounts as the trusted ones that will get the codes. There is also a step-by-step guide on how to do it on Hackers Online Club. In my opinion, “Trusted Friends” should be removed or modified. If hackers don’t do it, your real friends most probably will, as a prank or because you upset them.

How can you protect yourself from this exploit? First of all, you should not accept a friend request just because the sender has a sexy profile picture or because you want to be popular on Facebook. Secondly, you can send a message to Facebook asking them to remove this feature. You can also be friendly and not upset your friends. If you have sensitive information in your messages, I suggest that you delete those messages before you regret it.

