Obvious Bug in Facebook Verification System

Registration date
Sunday November 3, 2019
Last seen
November 3, 2019
My friend has a phone registered at facebook.

Facebook knows his phone. He can change his password by getting SMS on his phone on file.

However, after login, facebook will ask him to verify with SMS.

The problem is, facebook does not have country code on this second phone.

It's as if the guy have 2 phone numbers on file at facebook. First is with country code. Another is without country code.

When changing password, facebook uses the correct phone, with country code.

When verifying facebook uses the phone number that's without the country code.

Here is the screenshot

Of course the guy never got SMS from facebook to that phone. There is no country code there.

However, if he clicks forget password one of the option is to verify by SMS. This time, facebook will send SMS and he will receive it. So facebook knows his number. The bug means facebook uses a different phone for verification.