Meta’s 2FA security protections could have been switched off with ease

As late as September 2022, a bug in Meta’s centralized account management system allowed threat actors to remove 2FA protections for Facebook accounts simply by knowing the phone number attached to an account.

According to a Medium post (opens in new tab), (via Techcrunch (opens in new tab)), security researcher Gtm Mänôz found that, from the Meta Accounts Center (opens in new tab) account management system designed to link Facebook and Instagram accounts, an attacker could enter a victim’s phone number, link the number to their own Facebook account, and then brute force the 2FA SMS code for the victim’s account, thanks to there being no set upper limit for code entry attempts.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.