Facebook introduced specific features, primarily tested first in India, to stop photo theft.
That "one-click download" button? It often executes JavaScript that steals your Facebook session cookies. With those cookies the attacker doesn't need your password: they reuse your already-authenticated session and walk into your open account.
When a user locks their profile on Facebook:

