Raleigh resident Nikki Carlson just got a new phone number, and when she tried to log onto her Facebook account, she forgot her password so she requested a password reset link to her new phone number. She got a text to her new phone number, and she was able to reset her password and get into Facebook.
"It says, 'Hi Tammy,' and I'm like what's going on here?" Carlson said. "I'm scrolling, then I start seeing 'Mom we miss you, we wish you were here,' and I'm like okay, something creepy is going on here."
Nikki had full access to someone else's Facebook account. In this case, it was someone who was deceased.
"That's when I realized that it let me sign into the person who had this phone number before, and then from there it was linked to other accounts, like Instagram," Nikki adds.
This all happened because Tammy, who is now deceased, linked her phone number to her account. And in this case, since Tammy is deceased, her phone number was recycled and Nikki now has Tammy's former number as her own and since it's still associated with Tammy's Facebook account, Nikki had full access to it too.
"I think people need to realize this," Nikki cautioned. "If this number could have gotten into the wrongs hands, who knows what they could have done."
Nikki contacted Tammy's loved ones and gave them access to the Facebook account so they could secure it.
Nikki was able to gain access to Tammy's account because the account had not been memorialized.
"We encourage people to memorialize profiles to help secure their loved one's account and provide a place for friends and family to honor their memory." A Facebook representative said. "While memorializing an account prevents anyone from logging into it, we understand it can feel like a big step that not everyone is immediately ready to take. In this case, Tammy's account was able to be accessed because it was not memorialized and we apologize for any additional grief this caused her loved ones."
Meanwhile, Nikki said this experience was a lesson for her too, "It wasn't until this happened that I remembered to go into my Facebook (account) and take my phone number out because someone probably has the phone number that I used to have which was hooked up to Google Pay."
Facebook offers these tips on how to protect your account:
- Ensure your contact information, including email address and phone number, is up to date in your account settings.
- Enable two-factor authentication, which adds an extra layer of security to your account. If you set up two-factor authentication, you can choose to confirm your login attempt on a third party authentication app, such as Duo or Google Authentication, each time someone tries accessing Facebook from a computer or mobile device we don't recognize. You can also get alerts when someone tries logging in from a computer Facebook doesn't recognize.
- Facebook also notifies users when someone else adds the same phone number to their account so that they can remove out-of-date contact information in their settings.
The Troubleshooter Takeaway, if you have your phone number connected to your Facebook account, you might want to add an extra layer of security to your account with two-factor authentication. And remember, if you change your phone number, make sure your update all of your accounts, as it's likely your phone number will be recycled and given to someone else.