Researchers from the University of British Columbia Vancouver infiltrated Facebook with a set of bot-controlled fake accounts, sent out a load of friend requests, got a load of responses, and then harvested 250GB of personal data. They managed this in spite of Facebook's defense measures such as CAPTCHAs if an account tries to add too many friends, and the "Facebook Immune System" (FIS), that detects suspicious, spider-like activity and blocks it.
In total, 102 bots were used. These sent friend requests to 5,053 random users with public accounts, 976 of which accepted them. The bots then sent a further 3,517 requests to friends of those users; 2,079 of these were accepted. Facebook Immune System blocked about 20 percent of accounts after users reported those accounts for spamming. The result was a network of 3,055 profiles, with a further 1,085,785 friends-of-friends in the extended network.