techviral – We all use Facebook in our daily lives. Without any doubt, Facebook is the best social media platform, and it is now used by millions of users worldwide. Everyone who uses Facebook links their phone number to their account.
Linking a phone number to a Facebook account helps the user recover the account if the password is forgotten. In other words, the phone number can be used to reset the account’s password.
Have you ever thought about what happens if you change your phone number and the old number is then assigned to someone else? Programmer James Martindale found an easy way to hack any Facebook account.
The programmer explained that he got a new SIM card and, after inserting it into his phone, received two texts: one from an unknown person and the other from Facebook. The second text surprised him, because he hadn’t yet added the new number to Facebook.
Facebook lets users find their account using a phone number, and users can also enter their mobile number in the email field to sign in. So James Martindale attempted to sign in using the new phone number and a random password. It didn’t work, so he clicked on ‘Forgot Password’.
Facebook showed him different recovery options, from which he chose to recover the password using a phone number. He picked the number on which he wanted to receive the recovery code, and once he got the code he created a new password and logged in. James Martindale thus got full access to the Facebook account.
Such cases are rare, but they are possible. James Martindale also said that his VoIP carrier, FreedomPop, lets him change his phone number at any time for $5. FreedomPop and similar services often show a large list of phone numbers to choose from. A hacker can try logging in using one of those numbers and can then buy that number to hack a Facebook account.
If you think Facebook is going to fix this issue, it is not: Facebook clearly refused to consider this a bug for its bug bounty program. Facebook states: “Facebook doesn’t have control over telecom providers who reissue phone numbers or with users having a phone number linked to their Facebook account that is no longer registered to them.”
So, the best way to avoid these kinds of hacking attempts is to enable 2-step login authorization and login alerts. Users also need to remove unused or old mobile numbers and email addresses.