Facebook ‘Massive Security Hole’ Lets Anyone Find You from Your Phone Number

    Facebook has exposed its users to security risks, and potential theft, by allowing anyone on the platform to search for others using their phone numbers, which were given to the social network only for two-factor authentication.

    “For years social media Big Brother had been pestering its users to secure their account with two-factor authentication (2FA) by prompting them to enter their phone number so they could get a text with a security code login when logging into their account from a new device for the first time,” explained Fast Company, Sunday. “On the surface, Facebook prompting people to enable 2FA was a good thing–if you have 2FA enabled it’s much harder for someone who isn’t you to log in to your account. But this being Facebook, they’re not just going to do something that is only good for the user, are they?”

    After inviting users to submit their phone numbers under the guise of better security, Facebook now allows “anyone to look up a user by their phone number, the same phone number that was supposed to be for security purposes only,” and won’t let users opt out of the feature — creating a security risk for the user.

    “The most you can now do is limit who can look you up with the phone number you provided to ‘Friends,’ but you can’t hide it entirely,” Fast Company reported. “And remember, by default Facebook allows the whole world to find out who you are by entering your phone number.”

    Lawyer and Adam Smith Institute fellow Preston Byrne pointed out on his blog that Facebook “just created a massive security hole which exposes every single one of its users to life-altering shitty hacks.”

    “I’m frankly astonished nobody internally at that company thought about this before pushing this feature,” Byrne proclaimed. “The issue here is that your average workaday user who is even a little security-minded will not only use their cell phone to do two-factor authentication for their Facebook login, but will also use the same cell phone for every other two-factor login or password recovery system they have, including, for example, their e-mail account or their bank.”

    Byrne then added, “even if you leave specific instructions with your provider to not port your SIM without a PIN and photo ID, smooth-talking criminals can still convince telco employees to do it anyway, with the result that the crook obtains control of your phone number – and can receive any communications sent to it.”

    “Facebook’s new search feature will allow fraudsters to use Facebook to verify the identities of cell phone subscribers, even where Facebook users have locked down their cell phone numbers on their profiles to avoid this very outcome. In permitting anyone to search cell phone numbers, Facebook has compromised the security of every individual user of its service in the name of convenience,” he continued. “All someone needs to do, conceivably, to exploit this new ‘feature’ from Facebook is to punch in random cell phone numbers until they hit paydirt and discover a corresponding identity. If the user isn’t particularly security-minded, they’ll have birthdates and addresses publicly viewable, too.”

    “After the target is identified, the hacker simply calls up the user’s cell service provider, and social engineers a SIM port,” Byrne explained. “Boom. All SMS-based 2FA that person used with that number, on any service, is now compromised. Including the 2FA for the user’s Facebook account.”
