General Question
Do you think Facebook was honest with its response?
My Facebook two-Factor authentication code was sent by an unknown mobile number instead of Facebook. So I believed this should be a security bug from Facebook. I tried to log into my account and the same thing happened again, but this time, my two-factor authentication code was sent by another mobile phone number and in a different style. I tried to reproduce this bug and I was able to reproduce it. I reported this bug to Facebook in details through their bug bounty programme and Facebook said they actually own the two numbers I reported but my country operator was not fully aware of that, hence it did not display the label “Facebook”. I was not paid anything and the issue was closed by Facebook.
However, looking at the format of the messages, I don’t want to believe that the messages were from facebook. Although, the codes sent were valid.
The first message goes thus: “free delivering message system. auth pin XXXXXX sent f00r y00u fr00m facbk”
Note the following in the message:
1. free delivering message(grammatical blunder)
2. auth (abbreviation and small letter ‘a’ after a period, another unprofessional writing style)
3. f00r( using two zeros instead of letter “o” and spelling f00r instead of “for”)
4. y00u(using two zeros instead of letter “o” and spelling y00u instead of you)
5. fr00m(same error as in 3 and 4)
6. facbk(abbreviating Facebook as fcbk, I don’t think any company employee will go down to this level)
7. No period (full stop) at the end of the message.
The second message goes thus:”Use XXXXXX for….on….”. Although the code was valid when I entered it, but I don’t want to believe that it was sent by Facebook. Or why will Facebook write “for … on….”?
What do you think I can do?
3 Answers
Answer this question
This question is in the General Section. Responses must be helpful and on-topic.