
It was a Sunday morning when 27-year-old Jess received a message from a friend named Olivia.
They weren’t close, necessarily. But they had bumped into each other the night before, so it wasn’t entirely unusual that Olivia’s name might pop up on her phone.
“Hey question :)”, Olivia wrote on Facebook messenger.
“Having phone trouble :( can I send you a quick text and have you tell me a number from it? Sorry not many people on to ask.”
It was a bit weird, Jess said in retrospect. But at the time, “I didn’t think twice about what she was asking,” Jess told Mamamia.
“Of course I wanted to help a friend out. I willingly sent her my phone number, agreeing to send her a screenshot of the codes I was sent,” she said.

For those who might not be familiar, if you find yourself locked out of Facebook for whatever reason, sometimes you can elect to have a code sent to your phone in order to verify your identity. The same applies for Gmail, MyGov, and most other password protected accounts.
Most of us have probably done it unconsciously a dozen times this year.
But when Jess sent the screenshots to Olivia, strange things began to happen.
Jess received an email from Facebook alerting her to the fact they'd received a request to reset her Facebook password.
Had something gone wrong, she wondered? Confused, she messaged Olivia back and asked what was going on. Olivia replied almost immediately, with a vague reason that somewhat made sense.
By this point, it was getting late. Jess had other things on her mind. She'd sort it out in the morning.
Top Comments
Why anyone would ever think it a smart idea to send or upload nudie pics is beyond my comprehension. In a world where cyber crime, hacking or just old fashioned revenge is strife, there is no 100% guaranteed safe guard from the above scenario.
The scammer initiated the 2 factor password recovery to get in in the first place.
Facebook has an option when you log in from a computer where you can download all your data. This is what they would have used to get the photos. Once they had hey password.
If you have any concern then download your own data and look though the photos to see if there is anything you would want to remove.
Once you take anything down your done want them download the full profile again to confirm.
Exactly! Two-step authentication isn't worth a hill of beans if you provide your phone number and the authentication code to someone!