A bug in Facebook's Web site allows hackers erase Facebook friends lacking permission.
The error was reported Wednesday by, a student at Marist academy in Poughkeepsie, New York.

But as of Friday morning, Pacific Time, it had still not been patched, based on tests demeanor by the IDG News Service on a reporter's Facebook friends list.
A hateful hacker might unite an abuse for this bug with spam or still a self-copying worm system to cause disaster on the social network.

He's printed proof-of-concept code that scrapes publicly obtainable data from users' Facebook pages and then, one by one, deletes all of their friends.

For the assault to work, though, the victim would first have to be tricked into pressing on a hateful link while logged into Facebook. "The next thing you know, you have no friends,".

The safety researcher is not going to discharge the code used in his assault until after Facebook fixes the flaw, but he says that technically competent hackers could figure out how to pull off the attack.