Facebook ‘Massive Security Hole’ Lets Anyone Find You from Your Phone Number

    Facebook has opened its users up to security risk, and potential theft, by allowing anyone on the platform to search for others using their phone numbers, which were only given to the social network for two-factor authentication security.

    “For years social media Big Brother had been pestering its users to secure their account with two-factor authentication (2FA) by prompting them to enter their phone number so they could get a text with a security code login when logging into their account from a new device for the first time,” explained Fast Company, Sunday. “On the surface, Facebook prompting people to enable 2FA was a good thing–if you have 2FA enabled it’s much harder for someone who isn’t you to log in to your account. But this being Facebook, they’re not just going to do something that is only good for the user, are they?”

    After inviting users to submit their phone numbers under the guise of better security, Facebook now allows “anyone to look up a user by their phone number, the same phone number that was supposed to be for security purposes only,” and won’t let users opt out of the feature — creating a security risk for the user.

    “The most you can now do is limit who can look you up with the phone number you provided to ‘Friends,’ but you can’t hide it entirely,” Fast Company reported. “And remember, by default Facebook allows the whole world to find out who you are by entering your phone number.”

    Lawyer and Adam Smith Institute fellow Preston Byrne pointed out on his blog that Facebook “just created a massive security hole which exposes every single one of its users to life-altering shitty hacks.”

    “I’m frankly astonished nobody internally at that company thought about this before pushing this feature,” Byrne proclaimed. “The issue here is that your average workaday user who is even a little security-minded will not only use their cell phone to do two-factor authentication for their Facebook login, but will also use the same cell phone for every other two-factor login or password recovery system they have, including, for example, their e-mail account or their bank.”

    Byrne then added, “even if you leave specific instructions with your provider to not port your SIM without a PIN and photo ID, smooth-talking criminals can still convince telco employees to do it anyway, with the result that the crook obtains control of your phone number – and can receive any communications sent to it.”

    “Facebook’s new search feature will allow fraudsters to use Facebook to verify the identities of cell phone subscribers, even where Facebook users have locked down their cell phone numbers on their profiles to avoid this very outcome. In permitting anyone to search cell phone numbers, Facebook has compromised the security of every individual user of its service in the name of convenience,” he continued. “All someone needs to do, conceivably, to exploit this new ‘feature’ from Facebook is to punch in random cell phone numbers until they hit paydirt and discover a corresponding identity. If the user isn’t particularly security-minded, they’ll have birthdates and addresses publicly viewable, too.”

    “After the target is identified, the hacker simply calls up the user’s cell service provider, and social engineers a SIM port,” Byrne explained. “Boom. All SMS-based 2FA that person used with that number, on any service, is now compromised. Including the 2FA for the user’s Facebook account.”

    Recent Articles

    Apple Black Friday deals 2019: top savings on iPhones, MacBooks, AirPods and more

    The best Black Friday deals on MacBooks, iPhones and other Apple products. If you're looking for the best Apple Black Friday deals, then you've come...

    16-Inch MacBook Pro Available Today at Apple Stores in United States With Pickup Reservation

    Apple today activated its in-store reserve and pickup system for the new 16-inch MacBook Pro in the United States. This system enables customers to purchase the 16-inch...

    Xbox One November Update now available with Google Assistant, new gamertags, and text filters

    Some useful new features for Xbox owners Microsoft is rolling out its November 2019 Update for the Xbox One today. The big new addition is...

    Apple Music introduces Replay to create playlists of your most-played songs

    (CNN)With 2019 soon coming to a close, Apple Music is offering us all a fun way to look back at the songs and artists...

    Walmart Black Friday 2019: The best deals available now

    Plus, all of the details about the big discounts coming Nov. 27. Walmart has served up its official Black Friday ad. We now know (mostly) everything we can...

    Latest Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox