Hacker group: Facebook's latest security may backfire

One of social networking site Facebook's latest security measures that can help recover an account from a hacker may actually backfire, a hacker group warned. The Hackers Online Club said Facebook's "Trusted Friends" can be defeated if the victim is fooled into accepting three fake accounts from the hacker as friends. "This trick only works if three trusted friends agree to give you the security code so it's really important that you add your three fake accounts into your victims facebook account as a friend," it said. Earlier, Facebook said the new "Trusted Friends" tool helps a Facebook member if ever he or she is locked out of his or her account. It is similar to other features that help one prove one's identity through one's friends. "We will send codes to the friends you have selected and they can pass along that information to you," Facebook said. But the HOC said that once the three fake accounts are accepted as friends, the hackers can go to Facebook and click "Forgot your password." The hackers can then set their email addresses to receive the reset password. "(F)acebook will ask you to choose three trusted friends ... choose the three fake profiles of your which you created and added into the victim's account. After selecting three accounts facebook will send security codes to these accounts; just enter these codes and you will get Password Resetting email from Facebook on the account you created," it said. A separate article on The Hacker News said the exploit may be as high as "90 percent successful on victims who add friends without knowing them or just for increasing the number of Friends." — RSJ, GMA News