Meta’s Account Center came with a 2FA-defeating bug

by Mitchell Clark
from The Verge - All Posts on (#68BPW)
Illustration by Nick Barclay / The Verge

Meta's Accounts Center feature had a bug that let hackers brute force SMS two-factor authentication, allowing them to bypass the additional protection (via TechCrunch). The vulnerability, which Meta says it fixed in December, was reported by Nepalese security researcher Gtm Manoz, who detailed the exploit in a Medium post earlier this month.

It was a significant find, as Meta seems to be putting more and more focus on its Accounts Center feature, letting you manage settings and security information from it, as well as use it to switch to your other accounts. According to Manoz, the attack was relatively simple; if you knew the phone number or email address the other person used for two-factor authentication, you could link it to your own...
