Now a cyber security expert has claimed hackers could access victims’ accounts by doing little more than finding out their old phone number.
Facebook offers users the chance to recover access to their account if they forget their password by typing in their phone number, getting a code texted to their phone and then resetting the password.
But if someone has a new phone number and has failed to unlink their old one from their Facebook account, hackers could use the social network’s clever security system to gain access to victims’ profiles.
In a Medium post, tech expert James Martindale wrote: “Your Facebook account is a treasure trove worth a good chunk of money.”
Martindale claimed he was able to access a stranger’s account by simply typing in one of his old phone numbers, which are often recycled and handed to new owners when they fall out of use.
Facebook lets you search for people who have associated numbers with their accounts.
All hackers would need to do is buy a new phone number and then hope the person who used to own it had not changed the phone number linked to their Facebook profile.
They could then click the forgotten password option when trying to log into their victim’s account and Facebook’s security mechanism would send them a text allowing the hacker to reset the account password and get inside.
Once they have access, they could access all your secrets and begin scamming your chums.
Last year, one scammer claimed to have used a fake ID to crack into a male victim’s Facebook account and then bombard his fiance with pictures of their PENIS.
But there is also big money available to people who hack into social media profiles.
Martindale claimed that hackers could flog cracked Facebook accounts for more than £38 a pop, meaning a determined crook could potentially earn a lot of dosh if they found enough people to target.
“I guarantee you that somebody out there has already smelled the money, figured this out, and is on the prowl chasing after accounts they can resell,” Martindale added.
“At some point, one of those accounts is going to be yours if you have an outdated phone number on your account.”
The best way to protect yourself is to only associate your Facebook account with your very latest number.
In a statement provided to The Register, Facebook said: “Several online services allow people to use phone numbers to recover their accounts.
“We encourage people to only list current phone numbers, and if we detect the password recovery attempt as ‘suspicious’ we may prompt the person for more information.”