
A hacker found a bug that could bypass Facebook’s two-step verification

The vulnerability allowed the settings of Facebook's two-step verification system to be changed. | Source: Photo by Solena Feyissa on Unsplash


A hacker found a bug in the Facebook app that allowed two-step authentication to be bypassed when logging in.

Gtm Mänôz, a researcher in Nepal, realized that hackers could get at a profile knowing only the phone number of the targeted account.

Vulnerabilities in Facebook

According to the white hat hacker, using the victim’s phone number, criminals could go to the Meta Accounts Center, which helps users link their accounts across the company's services (for example Facebook, Instagram and Messenger), link that number to their own account and then brute-force the two-factor SMS code. At the time, there was no upper limit on the number of attempts.

In this scenario, the attacker links his own Facebook account to the victim’s phone number. A successful attack still causes Meta to send the victim a message saying that their two-factor authentication has been disabled because their phone number is linked to someone else’s account.

Theoretically, at this point, an attacker could try to take over the victim's Facebook account simply by phishing for the password, since the target no longer had two-factor authentication enabled.
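The control missing from the flow described above is a cap on confirmation-code attempts. The following is an added example, not Meta's code and not from the original article, of a phone-link challenge that locks after a fixed number of wrong guesses, expires, and is single use; the class name, account ids, phone number and limits are all assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5         # assumed policy value, not from the article
CODE_TTL_SECONDS = 300   # assumed policy value, not from the article


class PhoneLinkChallenge:
    """One pending SMS confirmation for linking a phone number to an account."""

    def __init__(self, account_id, phone, now=None):
        self.account_id = account_id
        self.phone = phone
        self.code = f"{secrets.randbelow(10**6):06d}"  # 6-digit code from a CSPRNG
        self.expires_at = (time.time() if now is None else now) + CODE_TTL_SECONDS
        self.failed = 0
        self.locked = False

    def verify(self, submitted, now=None):
        """Return 'ok', 'wrong', 'expired' or 'locked'."""
        now = time.time() if now is None else now
        if self.locked:
            return "locked"              # never evaluate a guess once locked
        if now >= self.expires_at:
            self.locked = True
            return "expired"
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.locked = True           # single use: a replayed code is rejected
            return "ok"
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:  # the upper limit the vulnerable flow lacked
            self.locked = True
        return "wrong"


def guesses_evaluated(challenge, guesses):
    """Count how many guesses the server compared before it stopped answering."""
    evaluated = 0
    for guess in guesses:
        result = challenge.verify(guess)
        if result in ("locked", "expired"):
            break
        evaluated += 1
        if result == "ok":
            break
    return evaluated
```

A per-challenge cap only helps if issuing new challenges for the same phone number is also rate limited; otherwise each new code gives the guesser a fresh set of attempts.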

Facebook responds

The researcher discovered the bug in 2022 and reported it to the company in September. Meta corrected the error and paid him a $27,000 reward.

Gabby Curtis, a Meta representative, told TechCrunch that the login system was under testing at the time of the error. The company said that this is not a vulnerability used to steal accounts.


Source: RPP
