Facebook with fatal vulnerability. Another huge mistake

A serious error has been discovered in the Facebook and Instagram login system. This led to criminals being able to use two-factor authentication to take over our account!

Goal has experienced many scandals and accidents that could harm the privacy of the platform’s users. It turns out that not so long ago Facebook got Internet users into trouble again – this is the point Two-factor authentication.

Two-factor authentication is a solution worth having every day. It requires us to additionally confirm the password, for example by entering a code that will be sent to our phone number.

We will use this solution, for example, in Google services, but also on Facebook or Instagram. However, it turns out that it didn’t work quite efficiently on the last two.

Photo Facebook

Facebook screwed up again. 2FA didn’t work properly

In 2022, security researcher Gtm Mänôz noticed a serious flaw in the security of two-factor authentication. It turned out that Meta has not set a limit on attempts when entering the code from SMS.

This means that a hacker who has the victim’s phone number or email address is able to do so Link the number to your own Facebook account in the central account center and then enforce receipt of a two-factor SMS code.

Also, key here is the fact that Meta didn’t limit the attempts to enter the code. Using the brute force technique, the hackers were able to reach the right one by generating subsequent codes.


Facebook and Instagram will disappear from Europe? / Photo Meta

The moment the criminal guessed the code, the victim’s phone number was linked to the attacker’s Facebook account, and two-factor authentication was disabled on the victim’s account because the phone number was linked to another account was. However, the victim would be informed of this in an email via Facebook.

Fortunately, this glaring error has already been fixed by Meta. Gtm researcher Mänôz received an award from Meta for discovering the vulnerability in the form of 27 thousand dollars.

A spokesman for Meta says there is no evidence of exploitation of the vulnerability in the natural environment and the company has not seen any increase in usage of this particular feature.

Facebook is draining your smartphone’s battery. It has its own selfish purpose


Related posts

Leave a Comment