Facebook accounts get spoofed all the time. But what does this mean? Has your account been hacked? Do you need to change your password?
No you have not been hacked. You do not need to change your password, in fact, changing it does nothing to help or stop a spoofed profile.
Spoofing is when someone duplicates your Facebook profile. It is not the same as hacking. A spoofer sets up a clone of your profile page and sends out Friend Requests to everyone on your friends list. This is not the same thing as actually having your account hacked into and your password stolen. In the case of actul hacking, yes, changing your password is a must.
** If you were spoofed, changing your password does nothing, because your password was not compromised. The spoofer does not have access to your account.**
To help prevent being spoofed, you need to make sure that your list of friends is not public. To make your friends list private make sure you are on your profile page. That is your name, not the word "Home". Click on the word "Friends"
Setting your friends list to something other than public will make your Facebook account not worth spoofing!
If you were spoofed, or if you accidentally accepted a spoofed account friend request, go to the spoofed page and report it to Facebook then unfriend them. Warn others and warn whoever was spoofed so they can take action too.
Remember to check your Privacy Settings every so often to make sure they are set as you want them to be! You probably don't want all your posts and status updates and photos being available to everyone including search engines, so be alert and be savvy about what it means to have settings as "public" vs "private"