Java tool can get Facebook users’ details

A JAVA TOOL for Facebook allows potential attackers to get personal details about users of the social networking web site.

According to H-Online, Facebook Pwn uses social engineering to obtain personal details that are not publicly accessible from Facebook users.

The tool attempts its attack by setting up a fake account that attempts to befriend all of its target's contacts. Then, the attacker chooses one of the victim's friends and adopts their identity by stealing their name and profile picture and setting up another fake account.

The fake account submits a friend request to the Facebook user, who is none the wiser as the attacker has the same name and mutual friend list as the person whose identity they stole.

After the friend request is accepted, the tool downloads the victim's personal data and photographs so that even if the victim detects and unfriends the fake account, the attacker will still have the details. It can then be used for other targeted attacks such as spear phishing or stalking.

People can get the GPL3-licensed "proof of concept" code from the project at Google code. µ