However, there’s another way hackers can get a hold of your account without you even noticing. James Martindale, 18, plugged in his T-Mobile SIM card and received a text from Facebook stating that he hadn’t logged into his account for a while despite not synchronising the new number to his Facebook account.
When he searched for an existing account with the new number sim card, Martindale found an account on Facebook. To try to access the account, Martindale pressed the password recovery key which gave him the option of texting a recovery code to the registered number to gain access.
Facebook turns down Pakistan’s request to link accounts with mobile numbers
In the end, Martindale could access an account previously associated with the number without needing a password. Now, that can be a serious cause of concern for general everyday users.
What’s more, Facebook also gave him the option to change the password in what the social media giant thought is a protective measure to prevent what already was happening. This would have locked the real user out of their account, or to make matters worse, meant he would never have known his account had been hacked.
“This can be game over for your account,” he wrote.
The problem stems from the fact that Facebook allows you to link multiple phone numbers to your account, and doesn’t force you to remove old ones once you’ve stopped using them.
Martindale says he reported the issue to Facebook three months ago, which acknowledged it was a 'concern' but hasn’t yet done anything about it.
“There are situations where phone numbers expire and are made available to someone other than the original owner,” Facebook responded. “For example, if a number has a new owner and they use it to log into Facebook, it could trigger a Facebook password reset. If that number is still associated with a user’s Facebook account, the person who now has that number could then take over the account.
Facebook inks accord with local company to train women
“While this is a concern, this isn’t considered a bug for the bug bounty program. Facebook doesn’t have control over telecom providers who reissue phone numbers or with users having a phone number linked to their Facebook account that is no longer registered to them.”
The solution to this is quite obvious. You should immediately unlink any old numbers and email addresses from your account, by visiting settings and enable two-factor authentication along with enabling alerts about unrecognised logins.
This article originally appeared on The Independant.
COMMENTS (1)
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ