Two-factor authentication does not always guarantee more security. Computer researcher Gtm Mänôz discovered last September that Meta (Facebook’s parent company) had not imposed a limit on two-factor code attempts when a user logs into the Meta Account Center, reports the specialist outlet TechCrunch.
The Meta Account Center is the platform that allows you to link your Facebook and Instagram accounts. Armed with the victim’s phone number, the hacker associates this number with his own Facebook account. Since the number of attempts to enter the code received by SMS is unlimited, the hacker can use an automated system to try combinations of digits without limit until one grants access to the account.
Once the correct code is obtained, the phone number is linked to the hacker’s account. Facebook then sends the victim a message telling them that two-factor authentication is no longer enabled because the number is linked to another account. The hacker can then access the account with only the stolen password.
No major incidents
Gtm Mänôz received €27,000 from Facebook for reporting this bug. For its part, Facebook told TechCrunch that the flaw was fixed just a few days after the report was made. The platform also specifies that the two-factor login was only a small test that involved only a few users. The internal investigation also found no evidence of widespread exploitation of this flaw.
In 2021, with its Facebook Protect system, the social network encouraged the use of two-factor login for accounts considered to be at high risk of hacking.
Source: BFM TV




