According to a report by The Independent, a serious flaw in Facebook’s account recovery lets anyone break into your account easily. The report suggests that if this flaw is exploited, you would not even notice that someone else has access to your Facebook account. It also states that no password is needed to get into your account and that the hacker can even lock you out. The flaw was discovered by James Martindale, an 18-year-old programmer, when he got a new SIM card and received a message from Facebook saying he had not logged in for a long time.
After getting the message, Mr Martindale searched for the number on Facebook, which pulled up an account. He then tried to log in to the account with a wrong password and did not succeed, after which he pressed the forgot password button. He was then shown a list of recovery options. Out of all the options, he selected the “send the password reset code” option, which sends the code to the linked mobile number, to regain access to the account.
After he selected the option and entered the code he received, he was successfully logged into the account. Facebook then offered him the option to change the account’s password to keep the account secure. If the password had been changed, the user would have been locked out of their account. Alternatively, he could simply have skipped changing the password and kept using the account. He repeated the process with a new number and the result was the same.
To keep your account safe, we recommend checking that the mobile number linked to your Facebook account is up to date. If it is not and an old number is still linked, someone other than you might also be using your account; in that case, update the phone number immediately and change your password.