Technology expert James Martindale points out that this method could be used in fraud schemes that trade accounts on the black market.
A computer security specialist has discovered a weakness in Facebook that could allow hackers to access user accounts just by obtaining an old phone number that was at some point linked to the profile.
The method
If a user has forgotten their password, Facebook's account recovery system lets them reset access using a telephone number, to which an SMS with a unique code is sent.
However, James Martindale warns in a post on Medium that if the user has changed numbers but the account still retains the old ones, hackers could obtain those numbers and easily change the password.
Martindale detected the security bug in Facebook after changing his phone number. When he inserted the new SIM card, he immediately received a message from the system, although that line was not yet linked to his own account. Then, out of simple curiosity, the expert typed the number into an Internet search engine, identified the profile, and entered an arbitrary password to reach the account recovery system.
In this way, the programmer managed to successfully 'hack' a stranger's account just by entering one of that person's old numbers. Such numbers are usually recycled by telephone operators and handed to new users once they expire.
This mechanism could be used in scams that sell accounts on the black market, so the best ways to protect a Facebook account are:
- Delete old phone numbers and email addresses.
- Associate your Facebook account with your latest number.
- Pay attention to warnings about unrecognized logins and enable 2-step authentication.