People who are careful about their Facebook security and friend requests may not need to hear this, but for everyone else — or if you've ever received a friend request and thought "I might have known this person in high school" — consider this new vulnerability that lets hackers bypass the Facebook security question with fake friends.

We're still testing this security question vulnerability (testing it means the account will be locked for 24 hours after the password change), but a reader sent in this tip about how easy it is for a hacker to bypass the security question on Facebook.

Apparently, if you tell Facebook that you no longer have access to your email account(s) or mobile phone, you'll get the common security question prompt. If you answer the security question wrong (or a hacker does), you can verify your account by sending codes to three friends. Trouble is, a hacker could plant fake friends into your account — if you automatically accept them — and then go through this process to reset your Facebook password.

To protect yourself from this vulnerability, hacker9 recommends registering your mobile phone on Facebook and enabling all the account security settings (including the recently mentioned "Login Approvals" feature). And, of course, be wary when accepting strange friend requests.

    Yup,... yet another reason to dump "FB". I dumped it over a year ago, and I still get emails from people I never heard of either making me their friend or asking me to be theirs...!! Now they want to make it easier for kids... with the astonishingly high amount of predators out there, I'm really alarmed about that...!!

    What a stupid option. Even if they're not fake friends. If they're people you know, but not well, or people you anger, then as payback they can get together as a group and get into your account. Worst decision ever, Facebook.

    This also causes problems with their other security measure based on friends. If you sign in from an unfamiliar location (say, the Ukraine), it might ask you to identify several friends in photos to prove you're the real account owner. Somebody planning ahead and with access to your friends list could break through that as easily as they could a 'what is your mother's maiden name' question.

