This fella “hacked a few Facebook accounts”, as you do.
You may think that having a Facebook account is no big deal, and that having a personal email address and phone number associated with it, along with a secret password, should keep any hackers out.
You’d be very wrong to think that.
This security researcher has discovered a loophole in Facebook’s account recovery feature that allows anyone to easily break into an account without needing your password and without you even noticing.
Funny thing is, they could choose to lock you out of your own account too…
I just published “I kinda hacked a few Facebook accounts using a vulnerability they won’t fix.” https://t.co/uxmYWJwOan
— James Martindale (@jkmartindale) July 8, 2017
Researcher James Martindale came across the security flaw when he bought a brand new SIM card for his phone and received a text from Facebook.
The text said that he hadn’t logged into his account for a while, even though Martindale hadn’t tied his new number to his Facebook account yet.
Martindale searched for the number on Facebook and it brought him to an account. His new number had previously belonged to someone else, and their account details were attached to this number.
He tried logging into the account using the phone number and a random password. He obviously got the password wrong, but by clicking the ‘Forgot Password’ button, he was able to get a text on his ‘new’ number which gave him a recovery password for the original owner’s account.
He got the code, entered it into the password slot and logged into the account. He was even given the option to change the password to a new unique one, meaning he could have locked the real owner out forever.
The lesson here? Always update your Facebook phone number details.