
A bug in Facebook’s systems allowed any user to bypass 2FA authentication





A bug in a new centralized system that Meta created for users to manage their Facebook and Instagram logins may have allowed third-party attackers to disable two-factor authentication for an account just by knowing its email address or phone number.

The bug came down to the fact that Meta did not limit the number of attempts when verifying the 2FA code sent to the user's phone number. Access to the account could therefore be obtained through brute force, with the 2FA authenticator moved to the attacker's account to prevent the victim from doing anything.
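The control that was missing, a cap on verification attempts per issued code, is sketched below as an added example (it is not Meta's code and does not come from the original article). The class names, the five-attempt budget and the five-minute lifetime are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy value, not from the article
CODE_TTL_SECONDS = 300  # assumed policy value, not from the article


class Challenge:
    """One issued SMS code together with its remaining verification budget."""

    def __init__(self, now):
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.expires_at = now + CODE_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS


class CodeVerifier:
    """Hypothetical verifier keyed by the phone number being confirmed."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}

    def issue(self, phone):
        # A new code replaces the old one and resets the budget, so issuance
        # needs its own rate limit per phone number and per account.
        challenge = Challenge(self._clock())
        self._pending[phone] = challenge
        return challenge.code  # would be sent by SMS; returned here for the demo

    def verify(self, phone, submitted):
        challenge = self._pending.get(phone)
        if challenge is None:
            return "no_challenge"
        if self._clock() > challenge.expires_at:
            del self._pending[phone]
            return "expired"
        challenge.attempts_left -= 1  # charge the attempt before comparing
        if hmac.compare_digest(challenge.code.encode(), submitted.encode()):
            del self._pending[phone]  # codes are single use
            return "ok"
        if challenge.attempts_left == 0:
            del self._pending[phone]  # budget spent: the code is dead
            return "locked"
        return "wrong"
```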


From here, only Facebook accounts were vulnerable, so a user could fall victim to a phishing attack that obtains their password and end up with their Facebook account compromised. Nevertheless, if our 2FA has been disabled as part of the attack, we will at least receive a notice by email like the one we see on these lines.

In any case, this problem should already have been fixed, as we see in TechCrunch: it was reported in mid-September and a patch was released in October.


Article Editor: Jordi Bercial
