Recently, I’ve come across some functionality on that seems… worrying to say the least. Facebook On Facebook, if you sign up for text notifications, you will receive a text message when someone comments on your status, accepts your friend request, etc. In that SMS, there will be a link which directs you to the post with the following format: . URL https://fb.com/l/<some-hash-here> Strangely, when you click this link you are automatically authenticated and logged in to your Facebook account. That’s right. It doesn’t ask you for a username or password, but just gives you access to the account. By simply clicking this link, (which is obviously not good if the account is not yours). This means, if you share your text notification link with someone, they will have access to your Facebook account from a single click. Am I the only one that thinks this is absurd? you have gained full control of that account After reporting this issue to the Facebook security team, I received a response which included the following: “The protection in this case is to not allow someone to access your device or never share private links with another user.” They were able to confirm that this was intended functionality which made matters even worse. What exactly are ‘private links’ in this case? I’m always sharing links of videos on Facebook to my friends. Nowhere have I read that links shouldn’t be shared because it could potentially expose your Facebook account. I’m sure many people have activated these mobile alerts on their Facebook accounts, so I’m posting this to raise awareness of this strange functionality. If you are not convinced, please try this for yourself . Facebook lets you generate from your own account. Just generate two test accounts A and B, set up text message notifications on A and add A as a friend from B. You should receive a text with a link. Click the link from any platform and it should log you in as A (without requiring username/password). test users is how hackers start their afternoons. We’re a part of the family. We are now and happy to opportunities. Hacker Noon @AMI accepting submissions discuss advertising &sponsorship To learn more, , , or simply, read our about page like/message us on Facebook tweet/DM @HackerNoon. If you enjoyed this story, we recommend reading our and . Until next time, don’t take the realities of the world for granted! latest tech stories trending tech stories

Facebook

Too Long; Didn't Read

Questions about cloud security? Get answers here.

Facebook text notifications = dangerous

Too Long; Didn't Read

Company Mentioned

Sub

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Facebook text notifications = dangerous

Too Long; Didn't Read

Company Mentioned

Sub

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES