How I logged into someone else’s Facebook account.

Attila Bujdosó
Nov 19, 2014
  1. I bought a new SIM card from a Verizon store in California so that I could have phone and internet service during my trip to the Bay Area. The service staff at Verizon installed the card into my newly purchased iPhone 6+.
  2. I started receiving text messages like: ‘Brandon Price wants to be friends on Facebook. You have 2 friends in common. Reply “1” to confirm or go to: https://fb.com/l/1Pl2E8…’. At the time I thought it was a phishing attempt, so I simply ignored such messages.
  3. After receiving a couple of messages I started interacting with them. For instance, on Sunday I received a message ‘Today is Racheal Stinson’s birthday. Reply to post on her Timeline or reply 1 to post “Happy Birthday!”.’ Since I wanted to be a nice person on a sunny Sunday, I just replied “1”.
  4. Similar text messages kept coming to my phone, so I opened one of the links starting with “https://fb.com/…”.
  5. It opened Safari on my phone, which forwarded me to a facebook.com URL. OK, it might not be phishing, I thought, so let’s try to get in.
  6. Facebook asked me in a prompt if I am Ervin Horton Jr. and though I am not, I clicked Continue to see if…

Facebook would actually let me in? And it did.

The second prompt said that this phone had not yet been verified to access Ervin’s account, so I had to choose between answering some security question — at which I would probably have failed — or verifying my phone by sending a security code to it. No, it didn’t require any password, only a verification code sent to my phone — the very same phone on which I had already been receiving the text messages.

That all went far too easily: I tapped the send code button, received the code, entered it — and I was in. I sent a message to myself:

Receiving a message as Attila from myself as signed in as “Ervin”
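The flow described above treats possession of the phone number as the only proof of identity, even though the number had just been handed to a new subscriber by the carrier. As an added illustration (not Facebook’s code, and not part of the original post), the following Python model contrasts that policy with one where an SMS code is never the sole factor and is rejected outright when the SIM behind the number is newer than the account’s binding to it. All names (Account, LoginAttempt, weak_policy, hardened_policy), the dates and the phone number are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Hypothetical model of a "log in from this phone" decision, written for
# illustration. Names and values below are assumptions, not a real API.


@dataclass
class Account:
    user_id: str
    phone: str                      # number the account owner bound earlier
    phone_bound_at: datetime        # when that binding was made
    trusted_devices: set = field(default_factory=set)


@dataclass
class LoginAttempt:
    phone: str                      # number the one-time code was sent to
    device_id: str
    sms_code_ok: bool               # the code typed back matched
    password_ok: bool = False       # a password was supplied and matched
    # Carrier-side signal, if available: when the SIM now holding this
    # number was activated. A recycled or swapped number shows up here.
    sim_activated_at: Optional[datetime] = None


def weak_policy(acct: Account, attempt: LoginAttempt) -> bool:
    """Possession of the phone number is the only proof required (the
    behaviour the post observed)."""
    return attempt.phone == acct.phone and attempt.sms_code_ok


def hardened_policy(acct: Account, attempt: LoginAttempt) -> str:
    """Returns 'allow' or a denial reason. The SMS code is one factor, never
    the only one, and it is distrusted entirely when the SIM is newer than
    the binding of the number to the account."""
    if attempt.phone != acct.phone or not attempt.sms_code_ok:
        return "deny: sms factor failed"
    if (attempt.sim_activated_at is not None
            and attempt.sim_activated_at > acct.phone_bound_at):
        return "deny: number changed hands since it was bound; re-verify via another channel"
    if attempt.device_id in acct.trusted_devices:
        return "allow"
    if attempt.password_ok:
        return "allow"
    return "deny: possession of the number is not enough; password required"


def replay_post_scenario():
    """Constructed replay: the number was bound by its previous owner in 2013,
    the new SIM went live in November 2014, and the visitor knows no password."""
    acct = Account("previous-owner", "+1-555-0100", datetime(2013, 6, 1))
    attempt = LoginAttempt("+1-555-0100", "new-iphone", sms_code_ok=True,
                           password_ok=False,
                           sim_activated_at=datetime(2014, 11, 15))
    return weak_policy(acct, attempt), hardened_policy(acct, attempt)


def replay_legitimate_owner():
    """Constructed replay: same number, SIM older than the binding, owner
    also supplies the password from an unknown device."""
    acct = Account("owner", "+1-555-0100", datetime(2013, 6, 1))
    attempt = LoginAttempt("+1-555-0100", "laptop", sms_code_ok=True,
                           password_ok=True,
                           sim_activated_at=datetime(2012, 1, 10))
    return weak_policy(acct, attempt), hardened_policy(acct, attempt)


if __name__ == "__main__":
    print("new subscriber:", replay_post_scenario())
    print("real owner:    ", replay_legitimate_owner())
```

The weak policy grants both attempts because both callers can read a code sent to the number; the hardened one admits the real owner and refuses the new subscriber, and it would still refuse anyone who lacks the password even when no SIM-activation signal is available.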

So guys, you better fix this security breach.

I have now signed out of Ervin’s account and will send him the link to this post so he is aware of what happened.

I am co-founder of opp.io, a new communication platform to replace email as we know it today. It allows users to send actionable messages, which makes team collaboration more effective.

https://www.youtube.com/watch?v=lNRUcpsvb8Y

If you are interested in early access, sign up at opp.io.


Attila Bujdosó

Creator of Social Design Canvas. Lead UX Designer at BlackRock. Formerly CEO and founder at @oppdotio. Interested in the culture & technology of collaboration.