Everyone is on Facebook, from your 14-year-old niece to your 75-year-old mother-in-law. Facebook is like a diary, photo album, and travel log wrapped up into one. The last thing you would want is for your account to be hacked. It could lead to problems ranging from a minor inconvenience to a total disaster.
With access to your Facebook, hackers can permanently log you out of your own accounts and steal your private data, photos, and conversations. Furthermore, they can share posts and messages with your entire social network while pretending to be you, spreading malicious links and extorting your friends.
What’s worse is people often create other accounts using the option “Log in with Facebook”. These accounts become immediately hackable as well.
Unfortunately, hacking into a Facebook account is a lot simpler than we would hope. It may be as simple as getting a hold of your old phone number.
The problem is that Facebook allows users to use their phone number as a recovery option. Facebook even encourages this option, sending notifications reminding you to add your phone number. This in itself is not a bad thing. However, Facebook does not remind you to update this information periodically. That is where the problem lies.
A tech writer can hack into your account
Young tech writer James Martindale discovered just how easily hackers could access a Facebook account when he got a new phone number.
When he first got his new phone number, Martindale received texts meant for someone else (the previous owner of his phone number). Facebook allows people to find your account with a phone number. Curious, he inputted the number into Facebook’s search bar and an account came up.
Martindale then tried to sign into the account using the phone number and a random password. Obviously, the password did not work, but he was immediately given the “Forgot Your Password?” option to reset his login credentials. The only secondary piece of information Facebook required from him was his phone number. Martindale received a temporary passcode via text message and was able to reset the account’s password. Within minutes, he managed to effectively lock the rightful owner out of his own account.
As you can see, it does not require any kind of complicated technical methods to hack into an unsuspecting user’s Facebook account. It is easy to say that you are an uninteresting target for a hacker. While it is true that you may not be a ‘big fish’, so to speak, hackers are often looking for any kind of open door.
A hacker could too
Martindale simply tried this experiment for curiosity’s sake. Even still, he’s managed to gain access to several accounts via FreedomPop. The service allows him to switch numbers whenever he wants for only $5. He can pick any number from a list of available options.
Imagine what a criminal hacker could do if an 18-year-old tech writer was able to do this in minutes. All a hacker has to do is look up any of the phone numbers to see if one is still attached to an account and select that one.
The hacker can then use this newly acquired account for several lucrative ventures. They could sell the account on the black market. They could use the account for phishing scams. In fact, a scam like this happened this month. The attackers take advantage of the trust you have for your Facebook friends.
There are several things you can do to protect your accounts:
- Make sure that you update your information when you get a new phone number, email, etc.
- Use a two-factor authentication (2FA) app. This puts another barrier between your accounts and a hacker.
- Use different passwords for different accounts. This way, even if a hacker gains access to one account, they will not immediately be able to access all of them.
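
The gap described above is a recovery phone number that is never re-checked, so a service can close it from its own side by refusing an SMS-only reset once the number has gone unverified for too long. The sketch below is an added example, not Facebook's logic or code from the original article; the `Account` fields, the decision names, and the 180-day and 30-day windows are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_PHONE_AGE = timedelta(days=180)   # assumed re-verification window
REMIND_BEFORE = timedelta(days=30)    # assumed lead time for the reminder

@dataclass
class Account:                        # hypothetical account record
    user: str
    phone_verified_at: Optional[datetime]  # last proof the owner controls the number
    has_authenticator: bool                # 2FA app enrolled
    has_verified_email: bool

def sms_reset_decision(acct: Account, now: datetime) -> str:
    """What a 'Forgot Your Password?' request backed only by the phone number may do."""
    if acct.phone_verified_at is None:
        return "deny"
    if acct.has_authenticator:
        return "sms_code_plus_authenticator"   # SMS alone never resets the password
    if now - acct.phone_verified_at > MAX_PHONE_AGE:
        # The carrier may have reassigned the number: do not trust it on its own.
        return "confirm_via_email" if acct.has_verified_email else "manual_review"
    return "allow_sms_code"

def due_for_reminder(accounts, now):
    """Users to prompt to re-confirm their number before it goes stale."""
    cutoff = MAX_PHONE_AGE - REMIND_BEFORE
    return [a.user for a in accounts
            if a.phone_verified_at and now - a.phone_verified_at >= cutoff]

# Constructed sample records, not real accounts.
NOW = datetime(2024, 6, 1)
SAMPLE = [
    Account("fresh", NOW - timedelta(days=20), False, True),
    Account("stale_email", NOW - timedelta(days=400), False, True),
    Account("stale_no_email", NOW - timedelta(days=400), False, False),
    Account("stale_2fa", NOW - timedelta(days=400), True, False),
    Account("soon", NOW - timedelta(days=160), False, True),
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a.user, "->", sms_reset_decision(a, NOW))
    print("remind:", due_for_reminder(SAMPLE, NOW))
```
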