A bug in a new central system Meta has been created for users to manage their Facebook logins and Instagram may have allowed third-party attackers to disable two-factor authentication for an account Just by knowing their email address or phone number.
This error mainly focused on the fact that Meta did not set a limit on attempts when verifying a 2FA authentication token It is sent to the phone number of the specified user, so that the account can be accessed through brute force, Change the 2FA authenticator to the attacker’s account to prevent the victim from doing anything.
From here, only Facebook accounts were vulnerable, so a user could be a victim of a phishing attack to get their password and finally see their Facebook account. howeverIf 2FA is disabled as part of the attack, we will receive at least a notification via email like the one we see in these lines.
Anyway, this problem should already have been fixed as we can see in Techcrunchas reported in mid-September and a patch was released in October.
The end of the article. Tell us something in the comments!
Jordi Brishall
Passionate about technology and electronics. I’ve fiddled with computer components almost since I could walk. I started working at Geeknetic after winning a contest on their forum to write articles about hardware. Lover of drifting, mechanics and photography. Feel free to leave a comment on my articles if you have any questions.
“Beer enthusiast. Subtly charming alcohol junkie. Wannabe internet buff. Typical pop culture lover.”