As maslicious as always, hackers find different ways to break and disable security reinforcements.
This is the case of a “gltch” found in the latest version of META, an application developed for users to manage their facebook and Instagram accounts ‘sign in’ from one console.
Most of us, use a 2 step verification protection which is usually linked to our mobile number.
A Nepalese researcher, Gtm Mänôz, found out that there isn’t a limit of attempts when the two-factor-code is used to log into accounts on the Meta Management console.
Learn more about online security from our previous posts.
But, How is this possible?
The hacker would only need to obtain the target’s mobile number, enter it into the Meta Management console and link it to their own facebook account. Once completed, they would have unlimited chances to brut force the 2 step verification SMS code.
Meta would still send an alert to the original account owner informing the 2 factor authentication had been disabled since their phone number was added to another account.
Taking over the victim’s Facebook account by phishing for the password would now be much easier since the 2 factor authentication is no longer configured.
Hacker finds bug that allowed anyone to bypass Facebook 2FA. (2023, January 30). TechCrunch+. https://techcrunch.com/2023/01/30/facebook-two-factor-bypass-bug/
If you like this post, leave us a comment and share it with your friends and family.
See you next time!