Facebook Responds to its Flaw That Allow Strangers To Access Your Account

If you enjoyed this article or learned something new, please don't forget to SHARE it with others so they have a chance to enjoy this free information. This article is open source and free to reblog or use if you give a direct link back to the original article URL. Thanks for taking the time to support an open source initiative. We believe all information should be free and available to everyone. Have a good day and we hope to see you soon!

Recently, a security researcher claimed to have spotted a flaw in Facebook’s account recovery feature that can let anyone easily break into your account – that too, without you ever noticing, media reported on Friday. According to a report in the Independent, “there is no need of password to gain access and scammers can also lock you out of your own account”. This means that your Facebook account may have been hacked several times without you knowing, and in a way this explains the unusual posts you may have found on your timeline that you did not actually post.

The discovery was made by 18-year-old James Martindale when he inserted a new SIM card into his phone.

Martindale quickly received a message from Facebook informing him that “he had not logged into his account for a while, despite not having tied the new number to his account”, the report said.

He then searched for the number on Facebook which brought up a single account.

Martindale then attempted to log into the account by using the number as the username and typing in a random password but failed because the password he entered was wrong.

He clicked on ‘Forgot Password’ option to recover his account but failed again.

Martindale searched for the account with the new number and found a list of account recovery options — comprising an email address and six phone numbers – for regaining access to the account.

“One of these options was for Facebook to text a password reset code to the very number Martindale had just tried to log in with,” the report said.

After selecting the option, he received the code and successfully logged into the ‘person’s’ account.

“Facebook then gave him the option to change the password, which would have locked the real user out of their account, or to skip that stage, which means he never would have known his account had been hacked,” the report pointed out.

Martindale performed the same trick with another new number and it resulted the same. However, when Martindale pointed out the flaw to Facebook, he was told it was just a “concern”.

Here is Facebook’s entire response, as cited by Martindale:

“There are situations where phone numbers expire and are made available to someone other than the original owner. For example, if a number has a new owner and they use it to log into Facebook, it could trigger a Facebook password reset. If that number is still associated with a user’s Facebook account, the person who now has that number could then take over the account.”

“While this is a concern, this isn’t considered a bug for the bug bounty program. Facebook doesn’t have control over telecom providers who reissue phone numbers or with users having a phone number linked to their Facebook account that is no longer registered to them.”

Popular Topics

Sponsored Ad

Related Posts

Sponsored Ad

Most Popular

Copyright © 2017, All Rights Reserved.

All information, data, and material contained, presented, or provided on is for educational purposes only.
It is not to be construed or intended as providing medical or legal advice. Decisions you make about your family's healthcare are important and should be made in consultation with a competent medical professional. We are not physicians and do not claim to be. Any views expressed here-in are not necessarily those held by
To Top