In this abstract, we aim to provide systematic study about the security of trustee-based social authentications. To this end, we first propose a novel framework of attacks that are based on the observation that users’ security are correlated in trustee-based social authentications. In these attacks, an attacker initially obtains a small number of compromised users which we call seed users. The attacker then iteratively attacks other users according to some priority ordering of them. Our attacks are similar to forest fires which start from a few points and spread among the forests. Thus, we call them forest fire attacks. Second, we construct a probabilistic model to formalize the threats of forest fire attacks and their costs for attackers. Moreover, our model quantifies the costs of sending spoofing messages for attackers. Third, we explore various scenarios where seed users have different properties and introduce strategies to construct priority orderings. Our results have strong implications for the design of more secure trustee-based social authentications.