Alert! Facebook 2FA bypassed – a bug is responsible for that!

By TechDogs Bureau

If you are a Facebook user, the news of the recent bug in Meta's centralized system might shock you. Let's check out the whole story - Meta has created a centralized system for users to manage their logins for Facebook and Instagram. On 30th January, a bug was detected in this centralized system and it could have allowed the dark, dark forces of the web world to switch off an account's two-factor protection just by knowing their phone number. It means if someone knows your contact number, they might be able to access, delete or hack your Facebook account!

Image: A screenshot of an email from Meta to an account owner telling them that their two-factor protections have been switched off.

Even more shocking is that the victim's phone number can be a gate pass! Hackers can use the victim's phone number and go to the centralized accounts center, link that number to their own Facebook account and then brute force the two-factor SMS code. This was the critical step, because there was no upper limit on the number of attempts someone could make. After these simple steps, a hacker could take over the victim's Facebook account just by phishing for the password, given that the target no longer had two-factor enabled.

According to Gtm Mänôz, a security researcher from Nepal, Meta placed no limit on the number of attempts to enter the two-factor authentication code. This code is used for logging into accounts on the Meta Accounts Center, which enables users to link all their Meta accounts, such as Facebook and Instagram.
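A server-side sketch of the missing control described above, as an added example (not Meta's code and not part of the original article): a verifier that counts failed guesses per phone number, burns the code on lockout and refuses to issue a new one until the window has passed. The six-digit code length, the limits and every name here are assumptions.

```python
import hmac
import secrets
import time


class OtpVerifier:
    """Issues and checks SMS codes, counting failures per phone number."""

    def __init__(self, digits=6, max_failures=5, ttl=300, lockout=900,
                 clock=time.monotonic):
        self.digits, self.max_failures = digits, max_failures
        self.ttl, self.lockout, self.clock = ttl, lockout, clock
        self.codes = {}     # phone -> (code, expires_at)
        self.failures = {}  # phone -> (count, time of first failure)

    def _locked(self, phone):
        count, start = self.failures.get(phone, (0, 0.0))
        if count and self.clock() - start >= self.lockout:
            del self.failures[phone]  # window elapsed, start over
            return False
        return count >= self.max_failures

    def issue(self, phone):
        if self._locked(phone):
            return None  # asking for a new code must not reset the count
        code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        self.codes[phone] = (code, self.clock() + self.ttl)
        return code  # a real service sends this by SMS instead

    def verify(self, phone, guess):
        if self._locked(phone):
            return "locked"
        code, expires = self.codes.get(phone, (None, 0.0))
        if code is None or self.clock() >= expires:
            return "expired"
        if hmac.compare_digest(guess.encode(), code.encode()):
            del self.codes[phone]  # single use
            self.failures.pop(phone, None)
            return "ok"
        count, start = self.failures.get(phone, (0, self.clock()))
        self.failures[phone] = (count + 1, start)
        if count + 1 >= self.max_failures:
            del self.codes[phone]  # burn the code on lockout
            return "locked"
        return "wrong"


def blind_guess_odds(digits, max_failures):
    """Chance that blind guessing hits the code in one lockout window."""
    return 1.0 if max_failures is None else min(1.0, max_failures / 10 ** digits)
```

The counter is keyed to the phone number being confirmed rather than to the requester's session, so opening new sessions or requesting new codes does not buy more guesses.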

In an interview with TechCrunch, Mänôz said, "Basically, the highest impact here was revoking anyone's SMS-based 2FA just knowing the phone number." Mänôz found the bug in the Meta Accounts Center and reported it to the company in mid-September last year.

TechCrunch asked Meta for its reply on this whole incident. Meta spokesperson Gabby Curtis said that at the time of the bug, the login system was still at the stage of a small public test. He noted that Meta's investigation after the reported bug found no proof of exploitation in the wild and that Meta saw no spike in usage of that particular feature, which would signal that no one was abusing it.

Besides, Facebook is set to make two-factor authentication (2FA) mandatory for high-risk accounts likely to be targeted by malicious hackers. You can think of this as an essential part of Facebook's enhanced security program intended to protect the funds of authorities like human rights defenders, journalists and government officials who may be at particular risk.

Head of Security Policy at Facebook, Nathaniel Gleicher, said, "2FA is such a core component of any user's online defense, so we want to make this as easy as possible. To help drive wider enrollment of 2FA, we need to go beyond raising awareness or encouraging enrollment. It is a community of people that sit at very critical points in public debate and are highly targeted, so for their protection, they probably should be enabling 2FA." He further added that "in early testing, mandating Facebook Protect saw more than 90% of high-risk users enroll in 2FA."

What are your views on this news? Will measures like two-factor authentication help Facebook combat such bugs?

First published on Fri, Feb 3, 2023
