Mark got his account back after three weeks of pleading with Facebook’s support bots. The scammer? Never found.
When you click "Login with Facebook" on a fake viewer, or install a malicious extension, you give the attacker your c_access_token. This token allows them to control your account. They will:
When someone requests to view a full photo, Facebook’s servers check the viewer's account token. If the viewer is not on the user's approved list, the server completely blocks access to the image file.
When Facebook displays a small thumbnail of a private user’s profile picture, it scales down a larger, high-resolution original file.