Meta warns about the vulnerability in password recovery linked to the recycling of phone numbers

February 22nd, 2024


Meta, a leader in social media, has announced that it will not assume responsibility for personal account theft on Instagram and Facebook related to password recovery through the use of recycled phone numbers. The company argues that it lacks control over telecommunications providers and users involved in this practice.

Phone number recycling: an overlooked risk

In a recent statement, Meta revealed its inability to manage personal account thefts that occur when phone numbers are recycled by telecommunications carriers. This common practice among mobile phone companies involves reassigning discarded numbers to new customers, making them owners of a number previously used by another user.

In countries like Spain, carriers wait 30 days before reassigning a number, but the risk persists if users do not unlink the number from the digital services and platforms it is associated with, such as social networks and email.

The danger of not unlinking phone numbers from digital accounts

When users deactivate a phone number, whether due to a change of carrier or any other reason, carriers must wait before reassigning the number. However, failure to unlink this number from digital services can result in unauthorized access to personal accounts.

Many services allow a linked phone number to be used for actions such as resetting passwords. A user who receives a verification code on that number can complete the login without email validation or a password. This process, though accepted, means that whoever currently holds the number, including a new owner after reassignment, can gain access to the account, even unintentionally.
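A service-side mitigation for the recovery flow described above, as an added example (not Meta's or any platform's code): an SMS code alone is accepted only while the phone link was confirmed within the carrier's reassignment wait, and older links need a second factor. The `Account` record, the factor names and the use of the article's 30-day Spanish figure as the threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumption: shortest carrier wait before a deactivated number is reassigned.
# 30 days is the figure the article gives for Spain; adjust per market.
REASSIGNMENT_WAIT = timedelta(days=30)

@dataclass
class Account:  # hypothetical record, not any platform's schema
    phone: Optional[str]
    phone_confirmed_at: Optional[datetime]  # last proof of possession
    email_verified: bool

def recovery_requirements(acct: Account, now: datetime) -> list[str]:
    """Return the factors a password reset must satisfy for this account."""
    if acct.phone is None or acct.phone_confirmed_at is None:
        # No usable phone link: SMS recovery is not offered at all.
        return ["email_link"] if acct.email_verified else ["manual_review"]
    if now - acct.phone_confirmed_at < REASSIGNMENT_WAIT:
        # Possession was proven less than one wait period ago, so a carrier
        # honouring the wait cannot yet have handed the number to someone else.
        return ["sms_code"]
    # Stale link: the number may have changed hands, so a code proves
    # possession of the number, not ownership of the account.
    if acct.email_verified:
        return ["sms_code", "email_link"]
    return ["manual_review"]

def stale_phone_links(accounts: dict[str, Account], now: datetime) -> list[str]:
    """Account ids whose phone link should be re-confirmed or removed."""
    return sorted(
        aid for aid, a in accounts.items()
        if a.phone and (a.phone_confirmed_at is None
                        or now - a.phone_confirmed_at >= REASSIGNMENT_WAIT)
    )

# Constructed sample data (placeholder numbers, not real accounts).
NOW = datetime(2024, 2, 22)
SAMPLE = {
    "alice": Account("+34000000001", datetime(2024, 2, 10), True),
    "bob": Account("+34000000002", datetime(2022, 6, 1), True),
    "carol": Account("+34000000003", datetime(2021, 1, 15), False),
}

if __name__ == "__main__":
    for name, acct in SAMPLE.items():
        print(name, recovery_requirements(acct, NOW))
    print("re-confirm:", stale_phone_links(SAMPLE, NOW))
```

Periodically prompting the accounts returned by `stale_phone_links` to re-confirm or remove their number keeps most users in the SMS-only path without leaving long-abandoned numbers usable for recovery.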

Meta warns users about the importance of unlinking phone numbers from digital accounts when deactivating them, insisting on the need to update associated information to prevent account theft.

