A website which offers an easy way to hack into Facebook accounts could actually lead users into unexpected danger, a security researcher has warned.
Joshua Long says that he stumbled across the French-language "Hack-Face" website, which claims to serve up a password to access anyone's Facebook account, after he received a spam comment on his own blog.
Amusingly, the site at first claims to offer a "recovery" service if you find yourself locked out of your own Facebook account (maybe you've been drinking the sherry too much, and forgotten what you changed your password to) but very rapidly becomes more up-front and acknowledges it can be used to break into anyone's account on the social network.
But what the site would *really* like you to do is create an account with them.
Of course, if you're one of the many people who is still using the same password for multiple websites that's a very bad idea. After all, you could have just given this "Facebook-hacking" website the same password as the one which protects your own Facebook account!
That would certainly be quite a sneaky way of building a database of usernames and passwords.
Josh wasn't slow to spot the irony:
"If someone stumbles upon this site and tries to use it to hack someone else’s Facebook account, they may end up getting their own account hacked instead."
Things can get even worse still, however.
If you attempt to hack (sorry.. recover the password for) a Facebook account, you will be prompted to send a couple of SMS text messages to a number which appears to be related to premium rate services.
Although there's no obvious mention of it on the website, each message may cost the sender €4.50, and who knows if you are effectively signing up to receive more costly and nuisance messages in the future.
You should never trust a website which offers to hack into an account for you. If you've lost access to your own account, contact the website's support team and learn how you might be able to regain access. And never forget that breaking into someone else's account is a criminal act.
If you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.