A few simple steps are enough to hack a Facebook account using a text message. It is hard to believe, but a UK-based security researcher known as "fin1te" has explained the steps of hacking a Facebook account using a text message.
Facebook users are linked to their mobile phones, and about 90% of Facebook users use mobile for updates. With this option you can log in to a Facebook account using the mobile number instead of an email address or username.
The following steps allow a login to the Facebook account without any user interaction. The security flaw is in the page that confirms the mobile number, located at the path /ajax/settings/mobile/confirm_phone.php, and the important parameters are profile_id and validation_code.
Step 1: profile_id is the value that links the mobile number to an account. On editing this id, with an error triggered, the page takes the edited profile id; this is where the security flaw helps the user hack a Facebook account.
Step 2: Send the letter F to 32665 (for UK users) to receive the validation code, which serves as the confirmation code to log in to the account.
Step 3: validation_code is the value that links to your mobile number. Submitting the confirmation code in the fbMobileConfirmationForm form changes the linked account. With the mobile number changed to your own, you can log in by using the forgot password option on the login page, which sends the code to your own mobile number to reset and access the account.
After the bug report from the hacker, Facebook no longer accepts the profile_id from the end user, and the hacker received $20,000 for reporting this bug. This part is explained in the hacker's blog post.
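The fix described above, taking the account from the logged-in session instead of from a client-supplied profile_id, can be shown with a small in-memory model. This is an added example, not Facebook's code or the researcher's; the class, method names, phone number and code value are all hypothetical.

```python
# Constructed model of a phone-confirmation endpoint; every name here is hypothetical.
class PhoneConfirmService:
    def __init__(self):
        self.pending = {}   # validation_code -> phone number the code was sent to
        self.phone_of = {}  # account id -> confirmed phone number

    def issue_code(self, phone, code):
        """Record a code that was texted to `phone` (passed in for determinism)."""
        self.pending[code] = phone

    def confirm_flawed(self, session_user, form):
        """Flawed pattern: the account to update is read from the form body."""
        phone = self.pending.pop(form["validation_code"], None)
        if phone is None:
            return False
        # The client decides which account gets the phone number.
        self.phone_of[form["profile_id"]] = phone
        return True

    def confirm_fixed(self, session_user, form):
        """Fixed pattern: the account comes only from the authenticated session."""
        supplied = form.get("profile_id")
        if supplied is not None and supplied != session_user:
            # Mismatch is a tampering signal: reject without consuming the code.
            return False
        phone = self.pending.pop(form["validation_code"], None)
        if phone is None:
            return False
        self.phone_of[session_user] = phone
        return True


def demo():
    """Run the same tampered form against both handlers (constructed data)."""
    tampered = {"profile_id": "account_b", "validation_code": "c0de1"}
    flawed = PhoneConfirmService()
    flawed.issue_code("+440000000001", "c0de1")
    flawed.confirm_flawed("account_a", tampered)
    fixed = PhoneConfirmService()
    fixed.issue_code("+440000000001", "c0de1")
    fixed.confirm_fixed("account_a", tampered)
    return flawed.phone_of, fixed.phone_of
```

Logging the rejected mismatch in `confirm_fixed` gives the defender a signal that the form was edited.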