False warnings about hackers invading Facebook accounts to post insulting messages to the walls of friends of the rightful owners of those accounts have been circulating in e-mail and on social networking sites since at least 2011.
Facebook accounts can be retooled by hackers to issue missives their actual owners would never send (such as the posting of derogatory notes on friends’ walls), but the mechanism whereby malcontents gain such control is one of social engineering rather than computer wizardry. There’s no special programming trick the ill-intentioned have mastered that allows them to seize control of social media accounts, no way for ‘hackers’ to randomly access Facebook accounts and use them to send insulting and/or sexual messages in others’ names. (So-called Facebook “pirates” might be able to achieve a similar effect, but they do so by creating new accounts that impersonate existing accounts, not by “hacking” into the latter.)
The bottom line is that Facebook users have to actively do something (even if they aren’t aware they’re doing it) to open the door and allow hijackers to access their accounts; security-conscious users need not worry that “hackers” will suddenly seize control of their Facebook accounts no matter what precautions they may take.