If you have ever accepted a friend request and were not sure whether you actually knew the person, you could be setting yourself up to have your account hacked. Facebook's security protocols, while ever improving, still leave a rather large loophole in the company's infrastructure that hackers are exploiting in their favor.
Here's how the scam works. A Facebook user accepts friend requests from three people they "may have known at some time," at which point the hacker, who created all three accounts, attempts to reset the user's password.
The hacker accomplishes this by telling Facebook that they no longer have access to the email account or mobile phone associated with the account (as shown in the screen grab above). They then deliberately answer the security question incorrectly, at which point Facebook asks them to have three friends help verify the account by sending each friend a special code.
Since the hacker has already set up three accounts that the victim accepted as friends, they simply have those codes sent to their own fake accounts, gaining access to the password reset function using an email address they control.
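To make the weakness concrete, here is an added, constructed model of the "three friends" recovery flow just described, not Facebook's code: a weak policy that lets any three current friends vouch, beside a hardened variant that refuses helper sets consisting of recently added friends and, when Login Approvals is on, still demands the code sent to the registered phone. The 30-day friendship-age threshold and the account fields are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

REQUIRED_HELPERS = 3                       # the flow described above uses three helper codes
MIN_FRIENDSHIP_AGE = timedelta(days=30)    # assumption: a defensive threshold, not a Facebook value


@dataclass
class Account:
    user_id: str
    friends_since: dict = field(default_factory=dict)  # friend id -> datetime the request was accepted
    login_approvals: bool = False                      # the "Login Approvals" setting from the article
    phone_registered: bool = False


def weak_policy(account, helpers):
    """Behaviour as described on the page: any three current friends can vouch, nothing else checked."""
    helpers = set(helpers)
    return len(helpers) >= REQUIRED_HELPERS and all(h in account.friends_since for h in helpers)


def hardened_policy(account, helpers, now, phone_code_ok):
    """Defensive variant: returns (allowed, reasons). Rejects freshly added helpers, which is what a set
    of sock-puppet accounts looks like, and keeps the registered phone in the loop when Login Approvals is on."""
    helpers = set(helpers)
    reasons = []
    if len(helpers) < REQUIRED_HELPERS:
        reasons.append("not enough distinct helpers")
    unknown = sorted(h for h in helpers if h not in account.friends_since)
    if unknown:
        reasons.append(f"helpers are not friends: {unknown}")
    recent = sorted(h for h in helpers if h in account.friends_since
                    and now - account.friends_since[h] < MIN_FRIENDSHIP_AGE)
    if recent:
        reasons.append(f"helpers accepted within {MIN_FRIENDSHIP_AGE.days} days: {recent}")
    if account.login_approvals and not phone_code_ok:
        reasons.append("login approvals enabled but phone code not presented")
    return (not reasons, reasons)


def scenario():
    """Constructed example: a victim with two long-standing friends who accepted three requests last week."""
    now = datetime(2012, 6, 1)
    victim = Account("victim", login_approvals=True, phone_registered=True)
    for old in ("alice", "bob"):
        victim.friends_since[old] = now - timedelta(days=400)
    for fake in ("sock1", "sock2", "sock3"):
        victim.friends_since[fake] = now - timedelta(days=5)
    return victim, now


if __name__ == "__main__":
    victim, now = scenario()
    print("weak:", weak_policy(victim, ["sock1", "sock2", "sock3"]))
    print("hardened:", hardened_policy(victim, ["sock1", "sock2", "sock3"], now, phone_code_ok=False))
```

Running it shows the weak policy approving the three fresh accounts while the hardened one lists both the recent-friend and missing-phone-code reasons; the hardened policy still passes when three long-standing friends vouch and the phone code is present.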
The website Hacker9 discovered the vulnerability and offers a quick fix: make sure you register your mobile phone on Facebook and enable all security settings, especially the "Login Approvals" feature.
The easiest solution? Don't accept friend requests from people you don't absolutely know. Also remember that just because a person shares a "common friend" you actually know, it doesn't mean they are in your circle of friends: your real buddy may have fallen prey to the hacker, which is why the fake account shows up on your buddy's friend list.