Pre-2018, the Facebook Graph API v2.0 had a loophole where profile picture IDs could be accessed via https://graph.facebook.com/[userid]/picture?type=large. That endpoint now respects privacy settings and returns the default silhouette for private accounts.
YouTube videos show you pressing F12, finding the img tag, and changing display: none to display: block.
Occasionally, a private profile’s picture appears in:
These are not exploits—just overlooked public connections.
Subject: Request to Share Profile Photo for [Purpose]
Dear [Name],
For [clear reason — e.g., ID verification for onboarding], could you please share a current headshot or temporarily set your Facebook profile photo visibility to Friends of Friends or Public for 24 hours? Alternatively, you may upload the photo directly to our secure HR portal at [link].
Thanks, [Name, Title, Contact]