Today I had to share with you this Public Tech Announcement, which Bustle published earlier this week to save you some undeserved social media tech grief.
Do you currently have your phone number linked to your Facebook account? It’s for extra security, right? Or maybe to give you a recovery option if you forget your password? Well, you might actually want to think about removing your phone number from your Facebook account, because it turns out that connecting one to the other might open up a vulnerability that can allow others to gain access to your Book of Face info — if, that is, you don’t take a very important precaution. It’s a simple one, but it really, really matters. (Bustle has reached out to Facebook for comment and will update this post if/when we hear back.)
Update: A Facebook spokesperson tells Bustle via email, “Several online services allow people to use phone numbers to recover their accounts. We encourage people to only list current phone numbers, and if we detect the password recovery attempt as ‘suspicious’ we may prompt the person for more information.”
Earlier: In a recent post on Medium, James Martindale, who describes himself as a “wannabe programmer” in his bio, detailed what happened when he acquired a couple of new phone numbers — and inadvertently discovered how easy it was to gain access to the Facebook accounts connected to those phone numbers. Martindale had acquired what would be the first of these new numbers when he signed up for a prepaid plan from a major carrier; when his new SIM card arrived and he popped it into his phone, however, he suddenly got two text messages. The first, he wrote, was from a stranger (probably someone who knew the phone number’s previous owner); however, the second was “one of those texts Facebook sends out when you haven’t logged in for a while… except I hadn’t added this phone number to Facebook yet,” said Martindale.
Martindale knew that you can actually search for people on Facebook using their phone numbers, so, curious, he typed in the number belonging to his new SIM card in the social network’s search bar. An account came up, so out of pure curiosity, he opened Facebook in an incognito tab in his browser and tried to sign into this account. (Did you know that you can also use your phone number as your username to sign into Facebook? Because you can. Just, y’know, FYI.)
It didn’t work, of course — but it did give him the option to “Recover Your Account.”
You can also access this page if you just click “Forgot account?” under the login fields in the top right corner of the main Facebook homepage.
Martindale found that many of the recovery options were starred out, but one of them was completely visible: The “Text me a code to reset my password” option linked to his new phone number showed the number in full.
“So there it was,” he wrote. “I could change the password and lock this guy out of his account, just because he forgot to remove an old number.” What’s more, when Martindale acquired yet another SIM card and phone number, he was able to recreate the same results.
The Moral Of The Story:
If you change your phone number, update that info in your Facebook account. That means removing the old phone number at the very least; you can also add your new one if you like. Facebook won’t remind you to do this, though, so you’ve got to remember it on your own. The good news is that it’s not actually difficult.
For those of you who take security measures seriously, I recommend getting a Google Voice phone number – free, but don’t link it with your contacts.
Privacy does not exist and anyone can take on your identity in Facebook if you are not careful.
Hope you all are having a relaxing weekend!
Here’s the full article as well as instructions: Bustle on how to opt out.