I have written about this before, but wanted to share it again. If you are on Facebook.com, then you really should make sure that you log out of Facebook whenever you leave the Facebook.com website. I know this is a real pain, but here is a perfect example of what can happen:
As you can see, one of my Facebook friends posted about a diet / weight loss product, some sort of “drops”. I know this person, and they would NOT be posting this sort of stuff on their Facebook account. So, here is what I think happened in this case:
1. She didn’t log out of Facebook when she went to the site.
2. She visited another website. Not sure which one, but really it could have been just about any website: even “good” websites.
3. An ad appeared with malicious code in it, or the malicious code was present on the page that my Facebook friend visited.
4. Since my Facebook friend was still logged into Facebook, the site recognized that and automatically posted on her Timeline/Facebook wall without her permission.
Again, I have written about this before, and there are TONS of scripts (usually JavaScript code) that anyone can copy/paste on their website. If someone is still logged into Facebook, then the site can post anything they want on the person’s Facebook Wall. And the person won’t even know it until they visit their Facebook wall to see what they’ve posted in the past.
This functionality is good in many cases: sites can use the Facebook “widget” to show the latest Facebook posts, etc. In fact, I use it on my own site, on the right sidebar. But, in this case, Facebook still has not plugged this hole. It’s something that definitely needs to be fixed.
In the meantime, keep using Facebook.com. But when you leave the site, log out.
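To show why logging out closes the door in steps 1 to 4 above, and what a server-side check against this kind of cross-site posting can look like, here is an added example. It is not code from this post or from Facebook; the origins, session ids and token values are constructed, and `checkPostRequest` is a hypothetical handler check.

```javascript
// Constructed sample values: the origins, session ids and tokens below are
// made up for this illustration and belong to no real site.
const TRUSTED_ORIGIN = "https://social.example";

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide whether a "create post" request may act for a logged-in user.
// store: Map of sessionId -> { user, csrfToken }; logging out deletes the entry.
// req:   { origin, cookieSid, csrfToken } as the server receives them.
function checkPostRequest(store, req) {
  const session = store.get(req.cookieSid);
  if (!session) return { allowed: false, reason: "no active session" };
  // Depending on the cookie's SameSite setting, the browser may attach the
  // session cookie to requests triggered by other sites, so the cookie alone
  // does not prove that the user meant to post.
  if (req.origin !== TRUSTED_ORIGIN) {
    return { allowed: false, reason: "cross-site origin" };
  }
  if (!safeEqual(req.csrfToken, session.csrfToken)) {
    return { allowed: false, reason: "bad csrf token" };
  }
  return { allowed: true, reason: "ok", user: session.user };
}

// Walk through the scenario with constructed requests.
function demo() {
  const store = new Map([["sid-123", { user: "alice", csrfToken: "tok-constructed" }]]);
  const ownPage = { origin: TRUSTED_ORIGIN, cookieSid: "sid-123", csrfToken: "tok-constructed" };
  const otherSite = { origin: "https://ads.example", cookieSid: "sid-123" };
  const results = [checkPostRequest(store, ownPage), checkPostRequest(store, otherSite)];
  store.delete("sid-123"); // the user logs out
  results.push(checkPostRequest(store, otherSite));
  return results;
}

console.log(demo().map((r) => r.reason));
```

The request from the other site is refused both while the user is logged in (wrong origin, no token) and after logout (no session left to act on).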