Facebook admits SMS notifications sent using two-factor number was caused by bug

Facebook this evening clarified the situation around SMS notifications sent using the company’s two-factor authentication (2FA) system, admitting that the messages were indeed caused by a bug. In a blog post penned by Facebook Chief Security Officer Alex Stamos, the company says the error led it to “send non-security-related SMS notifications to these phone numbers.”

Facebook uses the automated number 362-65, or “FBOOK,” as its two-factor authentication number, which is a secure way of confirming a user’s identity by sending a numeric code to a secondary device like a mobile phone. That same number ended up sending users Facebook notifications without their consent. When users would attempt to get the SMS notifications to stop, the replies were posted to their own Facebook profiles as status updates.

Source: https://www.theverge.com/2018/2/16/17022162/facebook-two-factor-authentication-sms-notifications-security-bug

Roger Stringer spends most of his time solving problems for people, and otherwise occupying himself with being a dad, cooking, speaking, learning, writing, reading, and the overall pursuit of life. He lives in Penticton, British Columbia, Canada