Shortly after the launch of Facebook's redesigned personal profile in December, Facebook tricks website Reface.me reported a hack that allowed users to create visually stunning profile images by using the profile picture and the top five photos across the top of the profile together to create one image.
Using the method described in Reface.me's How to Hack Your Profile Picture in 30 Seconds, the author of this article learned it is also possible to hack the pictures across the top of a friend's profile, displaying any images chosen by the hacker.
How the Original Facebook Profile Photo Hack Works
The new Facebook profile displays the most recently tagged five photos of the user at the top of their profile. Users quickly discovered they could create unique profile pages by using their profile picture and matching or complementary tagged photos in this photostream at the top of the profile.
By taking one picture and cropping it several times to create one profile image of a maximum of 180 x 540 pixels and five profile photostream pictures of 97 x 68 pixels, users could display the one image in several parts across their profile. After uploading the new images, users tagged them in the reverse order in which they wanted them to appear.
An additional Facebook photostream hack became apparent, as users began to crop the original picture into eight, with the three additional pieces displayed in the newsfeed on the user's wall as the three most recently uploaded photos.
Facebook Photostream Vulnerability Allows Users to Hack Friends' Profile Pictures
Using the method described above, the author of this article was able to "take over" the five images displayed at the top of Facebook friends' profiles simply by uploading images and tagging the friend.
Facebook displays the five most recently tagged photos at the top of a user's profile, just beneath their name, whether the user tagged the photos or not. This apparent vulnerability allows friends to determine which five photos will appear on their contacts' profile page (see images).
While this hack is limited to Facebook friends determining profile content for friends, it allows for potentially embarrassing or malicious profile hijacking.
How to Fix Photostream Hacking in the New Facebook Profile
Facebook users can change their privacy settings to determine which level of contact (Everyone, Friends of Friends, or Friends Only) can see photos in which they are tagged. However, this does not prevent friends from tagging them in new photos.
Users with a hijacked Facebook photostream on their profile can either untag themselves in the offending pictures or visit the "Profile Pictures" tab under "Edit Profile" and select "Reset Photostream." This will generate a new row of pictures at the top of the profile.
As this hack becomes more apparent and possibly misused, Facebook may need to consider limiting the photos appearing in the photostream at the top of a user profile to those tagged by the user.
Join the Conversation