Facebook was tricked by a hacker into granting him access to someone else's account. The hacker allegedly contacted Facebook posing as a user and claiming that he was unable to access his account. He then asked the tech giant to turn off login approvals and provided a fake ID. The move, surprisingly enough, got Facebook to grant the hacker access to the account.
According to a report by Motherboard, 23-year-old Michigan resident Aaron Thompson woke up on 27 June to find himself locked out of his own Facebook account, with the email and phone numbers associated with the account all changed without his knowledge. On checking his email, Thompson discovered an email thread between Facebook's customer support and the hacker who had control over his account.
The hacker, posing as Thompson, allegedly sent Facebook a Hail Mary message which read: "Hi. I don't have anymore access on my mobile phone number. Kindly turn off code generator and login approval from my account. Thanks." He then received Facebook's automated response that he was required to send in a photo ID to verify his identity, if he was unable to access the account via Facebook's two-factor authentication feature, the Code Generator.
The hacker responded by sending Facebook a scanned copy of a fake passport, which, according to Thompson, contained no accurate details, with the exception of his name. The fake ID was then apparently accepted by Facebook as sufficient proof, giving the hacker complete control over Thompson's Facebook account.
Upon discovering the scam, Thompson attempted to contact Facebook in an effort to regain control of his account. He informed the tech giant that the individual who had previously contacted the firm and provided the ID, requesting that security features be disabled, was actually an imposter. Thompson, who claimed to have several pages on his Facebook account that he used for business purposes, reportedly felt "pretty devastated" at having his online identity breached in such a way.
Thompson also claimed that the hacker allegedly contacted a few of his friends and even his fiancée, to whom he sent a picture of genitals, calling her names and even asking for nude pictures. Thompson spent almost an entire day trying to get back control of his account and even wrote about the incident on Reddit.
Thompson's tale of woe, however, ended happily, when Facebook finally secured his account and returned all his business pages. A Facebook spokesperson admitted: "Accepting this ID was a mistake that violated our own internal policies and this case is not the norm."
Although Facebook eventually came through for Thompson, his experience highlights how even advanced security measures can be bypassed fairly simply by cybercriminals bent upon wreaking havoc on unsuspecting victims.