Like many other internet services, Facebook also lets its users recover their passwords through SMS-based
Recently, however, a vulnerability was found in SS7, a network protocol used by telecom companies. It makes the SMS messages sent by Facebook vulnerable to interception.
The hacker could try to log in to the user's Facebook account and choose ‘Forget Password’. They would then choose to receive the authentication code via SMS and enter the intercepted code to break into the Facebook account.
This was first reported by Positive Technologies, which blamed the telecom operators for not having fixed SS7 vulnerabilities for the past 8 years.
Facebook replied that the hack is only possible in the case of the authentication code, not if the user opts for two-factor authentication.
Hackers could use the same method to break into WhatsApp, Twitter and many other online services that offer password recovery via SMS.