James Martindale, an independent computer programmer, has found an exploit that would allow anyone with access to your phone number to take over your Facebook account.
As Martindale explains, the key to the hack is having an old number still on your account, either as the rescue phone number for when you’re locked out of Facebook or as a login on mobile. Since phone numbers get recycled, an old number you don’t use anymore could, and likely will, end up in someone else’s hands, and they could use that number to gain access to your account.
Almost no one seems to keep their Facebook account information up to date beyond honing their meme game, so if you haven’t updated that number in a while and aren’t sure what’s on file, you need to check immediately.
Here’s What You Need To Look For
If it’s your current number, then you’re fine, since any reset attempt would send you a notification on your phone.
If it’s an old number, then you should delete it from your account. The consequences of not doing so could be very expensive. As Martindale explains, your account could be sold.
“Once I have an account, there’s plenty of possibilities. People buy Facebook accounts on the black market all the time, and even in more public places like Reddit. Or I could message the account’s friends and ask for money, just like this scam that probably made thousands.
“Of course, if the account is still actively used I might not want the person to know. That’s ok. All Facebook accounts have an integrated account for managing Facebook advertising, and I’ve seen these accounts (without the rest of the account) go for $50–100.”
Be aware that Facebook isn’t going to correct this for you. In fact, when Martindale reached out to them about the glaring security risk, they basically told him it wasn’t their problem, and it doesn’t look like they’re even going to notify any Facebook users.
Head on over to Martindale’s full post on the topic if you want more gritty details, but whatever you do, don’t leave your old number on your Facebook account.