Researchers unveil new Facebook password vulnerabilities

The overwhelming popularity of Facebook has made it a veritable magnet for online security threats. But although company engineers have been vigilant in their cybersecurity efforts, Brazilian researchers recently discovered a loophole that compromises Facebook's latest set of password protection features.

At a recent online security conference in Sao Paolo, industry expert Nelson Novaes Neto walked guests through his strategy for combining Amazon, LinkedIn and Facebook to compromise the online identity of a model target. According to SlashGear, Neto began by creating a cloned account of a colleague through online research and sent friend requests and invitations to her legitimate contacts.

Within one hour, 24 Facebook users and 14 LinkedIn contacts confirmed the requests. In fact, it only took seven hours to trick the colleague into accepting the friend request from her own cloned account. After the initial progress was made, Neto could have exploited Facebook's Three Trusted Friends App to acquire the legitimate account password from site administrators.

"People have simply ignored the threat posed by adding a profile without checking if this profile is true," Neto noted, according to Ars Technica. "Privacy is a matter of social responsibility."

Instead of relying solely on the third-party security assurance, experts have long recommended a more proactive approach from consumers. One such strategy is the use of password manager tools that generate and store strong passwords for each unique account.