Late this afternoon I received a text from a good friend, asking if I had set up a new Facebook profile, as she had received a friend request from me. I hadn't, of course and it seems someone had cloned my profile details & set up a fake "me". They then sent friend requests to my existing friends. Whilst it was all sorted pretty quickly - I asked another friend to report it, as I was away from my devices (I don't have Facebook on my phone) - I do wonder how it happened.
I know my profile photo and background image are public, so can be re-used, but quite how this account could send friend requests to my friends, I'm not sure. All my settings are "friends only" wherever I can do that, so unless they had logged into my account, they shouldn't have been able to see that information. I have login alerts set up and there were none sent out. In addition I run a VPN, even at home, which I thought provided some additional security. A small amount of time on Google implied that it had to be done by a "friend". A little perturbing, as I don't have friends I don't know. However, it happened and fortunately Facebook closed down the faker within 10 minutes of having it reported.
I can understand why people leave Facebook. I don't post there much, I just check in to see what friends are up to: people I wouldn't otherwise have time to keep in touch with. I don't often post there myself now. I post occasionally on Twitter and I chat on App.net, a place where I feel very much amongst friends. But I'd miss Facebook if I left.
Naturally, my password manager now has an even longer Facebook password than it used to have, though I don't think that was compromised. Although, thinking about it, I really should change passwords more regularly. At least I don't re-use them on different sites!