O
O
Oleg Sorokin2020-05-14 17:12:33
Facebook
Oleg Sorokin, 2020-05-14 17:12:33

Why did I receive a confirmation code from Facebook that I didn't request?

I just received an SMS with the following content on the phone to which my Facebook account is linked: "16435 is Cecil's Facebook confirmation code". I replaced the five-digit number with a fictitious one. The SMS came from the number from which I previously received the Facebook verification codes that I requested.

Dear specialists, please tell me:
1. For what reasons could this happen?
2. Is it dangerous for my information security?
3. What do you recommend to do in such situations?

I haven't been on Facebook for a long time. The authorization session is still active and allows me to use the account. I didn’t try to log out and log in again, and then suddenly something.

UPD: 20 minutes later another SMS came: "Armando's code is 65895. Go to Facebook and enter it to confirm, or go to https://fb.me/dfsdUIKKLdslkfmladf ". I replaced the number and set of letters in the link with fictitious ones.

Probably, someone provided my number to restore access to their Facebook account, or tried to hack my account through password recovery, but it turned out to be tied to my phone number, which is why the SMS came. And if I follow this link, then the anonymous will achieve what I want, and my number will most likely be re-linked to his account.

UPD: Wow, how persistent! )) An hour later, another SMS came: "Use 358635 for two-factor authentication on Facebook". It is interesting that there are now six numbers (replaced with fictitious ones), and that the rest of the text is different each time. ))

- - -
Thanks to everyone who answered my question! It's great that there is Habr. :)

Answer the question

In order to leave comments, you need to log in

2 answer(s)
X
xmoonlight, 2020-05-14
@Rokinso

Do not click anywhere from the mail and certainly do not enter the code sent in SMS ANYWHERE!
1. Go to your profile as usual.
2. Check all previous and current sessions
3. Increase the security level of login and account recovery.
4. Notify the administration of the incident.
Everything.

V
Vladimir Korotenko, 2020-05-14
@firedragon

I would go to the profile and check the permissions, maybe you were careless

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question