Many users of the famous social network enter a phone number on the platform in order to make their account more secure. With that number on file, Facebook can send you a new password if you forget yours or if your account is hacked. Did you know that the phone number you add can also be used by hackers to take over your account? The worst part of it all? Facebook seems to want nothing to do with it.
A few days after refusing Pakistan's request to make it mandatory to add a phone number instead of the traditional e-mail address, Facebook is once again under the spotlight. Its security system, based on sending an SMS to a previously registered number, could in fact be the ideal entry point for hackers. Hard to believe that a feature aimed at improving the security of your account could ultimately compromise it? And yet ...
"How I hacked a stranger's Facebook account without doing it on purpose"
The discovery made by James Martindale, an 18-year-old programmer, sends shivers down your spine and raises a lot of questions about the protection of our privacy on Facebook. How did he stumble upon one of the biggest security holes in the social network, worse than the infamous channels already used by hackers?
As he tells it on his Medium page, his discovery was purely accidental. He had simply changed his SIM card and phone number. When he activated it, he received two text messages: one from an unknown person and the other from Facebook. The text message from the social network expressed surprise that he had not logged into his account recently. By entering his new number instead of an email address, James was able to reset the password for a stranger's Facebook account!
What exactly happened? The person behind the Facebook account had simply left an old number listed in their security settings. Once this phone number was assigned to someone else, James could use it to log into the account. Fortunately, James was not a hacker with bad intentions, so he refrained from causing harm or repeating the experience. He does point out, however, that access to a Facebook account, or to several accounts by repeating the process, has enormous monetary value.
Anxious to help others and warn Facebook, James immediately contacted the social network's security team. The answer is as disturbing as it is funny:
Although this is a problem, we don't consider it a bug.
In short, Mark Zuckerberg's social network dismisses the case and even ends up blaming the telecom operators.
So how can you avoid unpleasant surprises? James advises all Facebook users to delete every old phone number and email address, turn on login alerts, and use two-factor authentication. As a joke, he also advises leaving Facebook to join alternative social networks. We all know this is impossible for ordinary people because we love to hate our friends online too much!