Hacking Facebook accounts with just a phone number is possible, experts from Positive Technologies demonstrated it exploiting flaws in the SS7 protocol. The attack method works against any service that relies on SMS to verify the user accounts including Gmail and Twitter. Attackers can exploit the flaw in the flaw to hijack the SMS containing a one-time passcode (OTP) that is used to log in the targets Facebook account. The attacker first needs to follow the Forgot account? procedure by clicking on a link present in the Facebook homepage.”]
Source: http://securityaffairs.co/wordpress/48421/hacking/hacking-facebook-accounts-ss7.html