This isn’t uncommon, but it’s not every day that a security flaw is found that allows access to anyone’s account. An Indian hacker found the fault in the password recovery algorithm. If you try to log in to a Facebook account and don’t know the password, you can reset it by receiving a six-digit code via SMS to the phone number you previously provided.
The code is only supposed to be tried twelve times – but a development version of the code behind Facebook left this protection out, so you could try as many times as you like.
Did you know?
On February 14, 2019, Facebook announced that it had been made aware of a vulnerability that impacted nearly 50 million Facebook users. One of these consequences is that hackers could have gained access to people’s account data, including their names, photos, and posts on their timelines.