Facebook loves to tout its security measures, but many vulnerabilities still exist in the company’s systems. For example, privacy researcher Alexander Hanff wrote this week about how easy it is to gain access to someone’s account if you’re given their old phone number by a telecom company.

This kind of phone number recycling is extremely common, and it wouldn’t be difficult for someone to reset a Facebook account’s password using only the owner’s previous number. However, when Hanff reported this apparent vulnerability to Facebook, the social media giant said that it doesn’t have control over how telecom providers reassign phone numbers, and thus can’t help solve the problem. However, Hanff soundly rejected Facebook’s logic, noting that it doesn’t allow users to create weak passwords for themselves because it’s exposing them to risk. Why, therefore, would the company allow this loophole to continue?

“We do not say ‘Well we know that passwords with low entropy can be hacked very quickly, but we are not responsible for people using password busting technology so we will continue to allow four-character passwords consisting of only lower-case letters in the first half of the alphabet,’” he wrote. “So if you know a risk exists, the whole point of security design is to mitigate or remove those risks, not ignore them because you are not responsible for them.”

It’s hard to argue with Hanff’s logic, but Facebook rarely backtracks after issuing such a strong public statement. For now, it appears this security risk will continue to exist.

Recommended Resources

Choose what the experts use: award-winning cybersecurity you can trust and rely on.

Surf the web truly incognito. Try Bitdefender Premium VPN, the ultra-fast VPN that keeps your online identity and activities safe from hackers, ISPs and snoops.

System Mechanic 14 – Make your computer run like new. Winner of 200+ Editor’s Choice awards!