image credit: Unsplash

Meta says risk of account theft after phone number recycling isn’t its problem to solve

February 13, 2024

Meta has acknowledged that phone number reuse that allows takeovers of its accounts “is a concern,” but the ad biz insists the issue doesn’t qualify for its bug bounty program and is a matter for telecom companies to sort out.

The core problem is that telecom companies recycle phone numbers that have been abandoned after a brief waiting period – at least 45 days in the US. That can become a problem because many online services require a phone number to identify users and/or send one-time passwords for two-factor authentication. Users who abandon a number, and forget to update their new number, are therefore at risk of malicious account reset attempts by whoever gets access to their old numbers. Account takeovers are a common consequence.

Read More on The Register