July 27, 2024
Hacker finds bug that allowed anyone to bypass Facebook 2FA

Hacker finds bug that allowed anyone to bypass Facebook 2FA

A flaw in a new, centralized system that Meta developed for users to manage their Facebook and Instagram logins could have made it possible for nefarious hackers to disable two-factor safeguards on an account simply by knowing the phone number of the account holder.

When a user entered the two-factor code used to log into their accounts on the new Meta Accounts Center, which enables users to link all of their Meta accounts, including Facebook and Instagram, Gtm Mänôz, a security researcher from Nepal, realized that Meta had not set up a limit on the number of attempts.

An attacker might use the victim’s phone number to access the centralized accounts center, link the victim’s number to their own Facebook account, and then brute force the two-factor SMS code. Since there was no cap on how many attempts a person might make, this was the crucial phase.

Once the attacker cracked the code, his Facebook account was connected to the victim’s phone number. After a successful attack, Meta would still notify the victim that their two-factor authentication had been blocked because their phone number had been connected to another account.

According to Mänôz, canceling anyone’s SMS-based 2FA just by knowing their phone number has the greatest impact.

Given that the target no longer had two-factor enabled, an attacker might possibly attempt to access the victim’s Facebook account at this time by phishing for the password.

Last year, Mänôz discovered the problem in the Meta Accounts Center and informed the business of it in mid-September. A few days later, Meta corrected the issue and gave Mänôz $27,200 as compensation for reporting it.

According to Meta spokesperson Gabby Curtis, the login system was still in the early stages of a limited public test at the time of the problem. Additionally, according to Curtis, Meta’s research into the flaw when it was discovered revealed no indication of its exploitation in the wild and no rise in usage of that specific feature, which would indicate that it was not being abused.

Related News

Development Company in Australia

The Top 3 Benefits of Using a Mobile Application Development Company in Australia

September 25, 2023
DevOps Services in the USA

DevOps Services in the USA: Transforming Software Development and Operations

September 17, 2023

You may have missed

Fortune Gems 2 Jili

Exploring Fortune Gems 2 Jili Features and Winning Strategies

July 24, 2024
WPC2026

WPC2026: Registration, Login, and Live Dashboard Guide

July 9, 2024
Sport An Opening to Well Being Harmony and Success

Sport: An Opening to Well-Being, Harmony, and Success

May 7, 2024
Online Casino

5 Ways To Know An Online Casino Is Legit

May 6, 2024
wpc wall panel price

Is Wpc good for home walls | wpc wall panel price

April 10, 2024
Natural Supplements for Heartburn Relief

Natural Supplements for Heartburn Relief

April 6, 2024