“We use a combination of three systems here to combat attacks like this – friend request and fake account classifiers, and rate-limiting techniques. These classifiers block and disable inauthentic friend requests and fake accounts while rate-limiting truncates the damage that can be done by any one entity.”
The real weakness in here is the people wanting to have more "friends", else just check your "friends list on any social network, i bet that most of the people have at least 1 person who they don't really know at all!
I wonder how much the Facebook games tie into this. I don't play them myself, but from what I understand, the more friends you have, the more items you get in your game. So people accept friend requests from anyone just to build up their game numbers. There's a lady in our office who plays 2-3 of the Facebook games and has over 700 friends. But really only personally knows maybe 30 of them. She could care less about their personal info - and as soon as she accepts some stranger as a friend to build up her gaming stats, immediately blocks their posts from her view.
I'm not "best friends" with everyone on my Facebook friends list but I do know they are real people and I was friends with them at one point in my life if they are on my friends list. The reason people's privacy gets exposed so badly is mostly just because of their own lack of common sense. I'm not saying that's the only reason, just the biggest reason.