Cloned Facebook Profile of Sorrento Engineer Sparks Cybersecurity Alarm
Facebook confirmed a cloned profile of Graziano Maresca, chief engineer at Sorrento’s municipal office, was circulating online as of June 13, 2026, raising concerns about social engineering vulnerabilities in professional networks.
The Exploit Mechanism: Phishing, Credential Stuffing, or AI-Generated Content?
While Facebook has not disclosed how the fake profile was created, researchers who examined it noted features consistent with credential stuffing, in which username and password pairs leaked from one breach are replayed against other services. The impersonator used a near-identical email address and a profile picture matching Maresca’s official corporate photo, suggesting access to internal directory data rather than to public posts alone.
“This isn’t a traditional phishing scam,” said Dr. Elena Voss, chief security architect at CyberShield Labs. “Attackers likely leveraged compromised employee credentials from a third-party service, then used AI tools to generate plausible social media content that mimics real professional networking behavior.”
The cloned profile allegedly posted messages about public infrastructure projects and listed Maresca’s official work phone number and email domain. Facebook’s threat intelligence team identified the account through behavioral analysis rather than a user report: its posting cadence and friend-list connections deviated from those of the genuine account.
What This Means for Enterprise IT
Enterprise cybersecurity teams should prioritize monitoring for cloned profiles built from compromised credentials or leaked directory data. The incident also highlights a risk of single sign-on (SSO): one compromised identity-provider login can unlock every connected platform unless it is protected by strong MFA.
OWASP recommends multi-factor authentication (MFA), with hardware tokens for high-risk accounts (NIST SP 800-63B likewise reserves its highest assurance level, AAL3, for hardware-based, phishing-resistant authenticators), while NIST emphasizes continuous monitoring through user behavior analytics (UBA).
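The credential-stuffing hypothesis above and the UBA monitoring NIST calls for meet in the authentication log: a source that tries many distinct accounts in a short window, mostly failing, is replaying a leaked list, and the few successes are the accounts to reset first. The detector below is an added example, not code from the article or from any platform it names; the log lines are constructed and the window, account-count and failure-ratio thresholds are assumptions a SOC would tune to its own baseline.

```python
"""Flag credential-stuffing patterns in authentication logs.

Added example; this is not code from the article or from any platform or
vendor it names. The log lines are constructed for illustration, and the
thresholds (window, distinct accounts, failure ratio) are assumptions that
a SOC would tune against its own baseline.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source replays leaked username/password pairs
# against many accounts (stuffing), one user mistypes a password once, and
# one routine login. Format: timestamp source_ip action result username
SAMPLE_LOG = """\
2026-06-12T02:00:01Z 203.0.113.7 login FAIL alice@example.org
2026-06-12T02:00:02Z 203.0.113.7 login FAIL bob@example.org
2026-06-12T02:00:02Z 203.0.113.7 login FAIL carol@example.org
2026-06-12T02:00:03Z 203.0.113.7 login FAIL dave@example.org
2026-06-12T02:00:03Z 203.0.113.7 login OK   erin@example.org
2026-06-12T02:00:04Z 203.0.113.7 login FAIL frank@example.org
2026-06-12T02:00:05Z 203.0.113.7 login FAIL grace@example.org
2026-06-12T08:15:00Z 198.51.100.9 login FAIL heidi@example.org
2026-06-12T08:15:20Z 198.51.100.9 login OK   heidi@example.org
2026-06-12T09:00:00Z 192.0.2.44 login OK   ivan@example.org
"""


def parse_events(text):
    """Return (timestamp, ip, result, user) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, ip, _action, result, user = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, result, user))
    return sorted(events)


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.6):
    """Map source IP -> summary for sources that hit many distinct accounts with
    mostly failures inside one window.

    A handful of failures against one account is a forgotten password; dozens
    of accounts from one source with a few successes is a leaked credential
    list being replayed, and the successes are the reused passwords the
    attacker was hunting for, so those accounts need a reset first.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # slide the window start forward so evs[start:end+1] spans <= window
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e[3] for e in chunk}
            fails = sum(1 for e in chunk if e[2] == "FAIL")
            ratio = fails / len(chunk)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                # keep the largest qualifying window for this source
                if ip not in findings or len(chunk) > findings[ip]["attempts"]:
                    findings[ip] = {
                        "attempts": len(chunk),
                        "distinct_users": len(users),
                        "fail_ratio": round(ratio, 2),
                        "compromised": sorted(e[3] for e in chunk if e[2] == "OK"),
                    }
    return findings


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_events(SAMPLE_LOG)).items():
        print(ip, info)
```

Keying on source IP catches the simple case; a distributed run that spreads the same list across many addresses needs the complementary view (many distinct sources per target account, or a global spike in failures against accounts that rarely log in), which is the same window logic keyed differently.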
Ecosystem Implications: Platform Lock-In vs. Open-Source Alternatives
The incident underscores the risks of centralized social infrastructure. While Facebook’s security team says it removed the clone within 12 hours, the window in which it circulated still exposes weaknesses in platform-based identity verification. Wired reported that 37% of corporate social engineering attacks in 2025 exploited weak identity verification processes across major platforms.
Open-source alternatives like Matrix and Element offer decentralized identity management, but adoption remains limited in public sector organizations. “The problem isn’t just Facebook’s security,” said Marcus Chen, CTO of OpenIdentity. “It’s the entire ecosystem that treats social credentials as a universal key.”
The 30-Second Verdict
- Cloned profiles exploit weak identity verification in centralized platforms
- Attackers likely used compromised credentials from third-party services
- Enterprise IT should implement hardware-based MFA for critical accounts
- Decentralized identity systems offer alternative security models
Enterprise Mitigation Strategies: Beyond Traditional Firewalls
Organizations must adopt zero-trust architectures (ZTA) that verify every access request, regardless of origin. Google’s BeyondCorp model demonstrates that removing implicit trust in internal networks reduces breach risks by 78%, according to a 2025 Gartner study.
For public sector entities, CISA recommends:
- Regularly auditing employee directory access rights
- Implementing AI-driven anomaly detection for social media activity
- Conducting phishing simulations for municipal staff
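The detection Facebook is said to have used (anomalies in posting patterns and friend-list connections) and CISA’s anomaly-detection recommendation both reduce to comparing a candidate profile against a known account’s behavioral baseline. The scorer below is an added example, not Facebook’s detection logic, which the article does not describe in detail; the four profiles are constructed, and the signal weights and flag threshold are assumptions to be tuned on real data. It distinguishes a clone from two look-alikes a naive name match would confuse: the same person’s second account and an unrelated namesake.

```python
"""Score a candidate profile against the behavioral baseline of a known account.

Added example; it is not Facebook's detection logic, which the article
describes only as anomalies in posting patterns and friend-list connections.
The profiles are constructed, and the weights and the flag threshold are
assumptions to be tuned on real data.
"""
from collections import Counter


def hour_histogram(post_hours):
    """Fraction of posts made in each hour of the day (0-23)."""
    counts = Counter(h % 24 for h in post_hours)
    total = sum(counts.values())
    return {h: counts[h] / total for h in range(24)}


def total_variation(p, q):
    """Distance between two hour distributions: 0 = identical, 1 = disjoint."""
    return 0.5 * sum(abs(p[h] - q[h]) for h in range(24))


def jaccard(a, b):
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0


def impersonation_score(known, candidate):
    """Combine three signals into a 0..1 score.

    lookalike: same display name and avatar image as the known account
    overlap:   the candidate has re-added the known account's contacts,
               which is how a clone borrows credibility
    hours:     the candidate posts on a different daily schedule, which a
               clone run from another time zone or by a script tends to do
    A second legitimate account of the same person matches on name and
    contacts but keeps the same schedule; a stranger with the same name shares
    no contacts. Only a clone scores high on all three.
    """
    lookalike = 1.0 if (known["name"] == candidate["name"]
                        and known["avatar_hash"] == candidate["avatar_hash"]) else 0.0
    overlap = jaccard(known["friends"], candidate["friends"])
    hours = total_variation(hour_histogram(known["post_hours"]),
                            hour_histogram(candidate["post_hours"]))
    return 0.4 * lookalike + 0.3 * overlap + 0.3 * hours  # assumed weights


def is_probable_clone(known, candidate, threshold=0.75):  # assumed threshold
    return impersonation_score(known, candidate) >= threshold


# Constructed profiles. avatar_hash stands in for a perceptual hash of the
# profile picture; friends are opaque account ids.
KNOWN = {
    "name": "Example Engineer", "avatar_hash": "ph:3f9a",
    "friends": [f"acct{i}" for i in range(20)],
    "post_hours": [8, 9, 10, 11, 12, 14, 15, 16, 17, 9, 10, 11],  # office hours
}
CLONE = {
    "name": "Example Engineer", "avatar_hash": "ph:3f9a",
    "friends": [f"acct{i}" for i in range(12)] + ["new1", "new2", "new3"],
    "post_hours": [1, 2, 3, 2, 4, 1, 3, 2, 0, 3],  # posts only at night
}
SECOND_ACCOUNT = {  # the same person's personal account
    "name": "Example Engineer", "avatar_hash": "ph:3f9a",
    "friends": [f"acct{i}" for i in range(10)] + [f"fam{i}" for i in range(5)],
    "post_hours": [9, 10, 11, 12, 8, 15],
}
NAMESAKE = {  # unrelated person with the same name
    "name": "Example Engineer", "avatar_hash": "ph:77c1",
    "friends": ["other1", "other2", "other3"],
    "post_hours": [9, 10, 11],
}

if __name__ == "__main__":
    for label, cand in [("clone", CLONE), ("second account", SECOND_ACCOUNT),
                        ("namesake", NAMESAKE)]:
        print(f"{label}: score={impersonation_score(KNOWN, cand):.3f} "
              f"flag={is_probable_clone(KNOWN, cand)}")
```

The friend-overlap signal is the one a clone cannot avoid: the profile only works as a lure if the victim’s contacts accept it, so it must re-add them. The schedule signal is weak on its own (travel shifts it too), which is why it is combined rather than used as a sole trigger.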
CVE-2026-34578: The API Rate-Limiting Flaw Behind Mass Profile Cloning
Researchers at SANS identified a previously unknown vulnerability (CVE-2026-34578) in Facebook’s API that allowed attackers to scrape professional network data. The flaw, patched on June 10, 2026, could have enabled mass creation of cloned profiles using automated scripts.

“This wasn’t a sophisticated attack,” explained security researcher Aditi Rao. “It was a case of exploiting a known weakness in API rate limiting. The real issue is that social platforms still treat professional credentials as low-risk assets.”
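The weakness Rao describes is usually not a missing limit but a limit keyed on the wrong thing: counting requests per client address lets a scraper with one app credential and a pool of addresses lift the cap linearly. The simulation below is an added example, not Facebook’s API code; the limits, the request stream and the credential string are constructed assumptions. It runs the same scraper against a per-address policy and a policy that also counts the shared credential.

```python
"""Sliding-window API rate limiting keyed on the right identity.

Added example to illustrate the rate-limiting weakness the article
describes; it is not Facebook's API code, and the request stream, limits
and identifiers are constructed assumptions.
"""
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` hits per key in any trailing `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)

    def has_budget(self, key, now):
        q = self._hits[key]
        while q and now - q[0] >= self.window:  # drop hits that left the window
            q.popleft()
        return len(q) < self.limit

    def record(self, key, now):
        self._hits[key].append(now)


def make_policy(dimensions):
    """dimensions: list of (key_function, limit, window). A request passes only
    when every dimension still has budget; denied requests consume none."""
    limiters = [(keyfn, SlidingWindowLimiter(limit, window))
                for keyfn, limit, window in dimensions]

    def check(req, now):
        if not all(lim.has_budget(keyfn(req), now) for keyfn, lim in limiters):
            return False
        for keyfn, lim in limiters:
            lim.record(keyfn(req), now)
        return True

    return check


def simulate_scraper(n_ips=50, per_ip=100, step=0.01):
    """One app credential spread over n_ips source addresses, each sending
    per_ip profile lookups, all inside a single 60 s window. Returns how many
    lookups each policy let through."""
    policies = {
        # weak: only the client address is counted, so renting more addresses
        # raises the effective cap linearly
        "per_ip_only": make_policy([(lambda r: r["ip"], 100, 60)]),
        # hardened: the credential every request shares is counted too, so
        # address rotation buys nothing
        "per_app_and_ip": make_policy([(lambda r: r["app"], 100, 60),
                                       (lambda r: r["ip"], 100, 60)]),
    }
    passed = {name: 0 for name in policies}
    now = 0.0
    for i in range(n_ips):
        for _ in range(per_ip):
            now += step
            req = {"ip": f"198.51.100.{i}", "app": "app-token-constructed"}
            for name, check in policies.items():
                if check(req, now):
                    passed[name] += 1
    return passed


if __name__ == "__main__":
    print(simulate_scraper())  # per_ip_only lets every one of the 5000 lookups through
```

A third dimension worth adding in practice is the number of distinct target profiles per credential in the window: a legitimate client reads a few profiles repeatedly, a scraper reads each one once, and that shape is visible even when the raw request count stays under the cap.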
Comparative Security Analysis
The source names only Matrix among the three platforms compared; the other two column headings are missing and are left unnamed here. Matrix is placed in the column the "Decentralized Identity" row assigns to it.

| Security Feature | (platform not named in source) | Matrix | (platform not named in source) |
|---|---|---|---|
| Multi-Factor Authentication | Optional | Mandatory | Optional |
| API Rate Limiting | 100 requests/min | 50 requests/min | 200 requests/min |
| Decentralized Identity | No | Yes | No |
What Comes Next: Regulatory Scrutiny and Platform Accountability
The incident