FACEBOOK users have been left vulnerable to a bug which meant hackers were able to crowbar their way into accounts.

The bug meant Facebook’s Two-Factor Authentication security feature could be disabled, one researcher discovered.

The bug was unfixed as late as September 2022, security expert Gtm Mänôz revealed in a recent Medium post.

The security hole was hiding in Meta’s account management system, known as the Meta Accounts Centre.

It allowed hackers to remove Two-Factor Authentication protections for Facebook accounts – simply by knowing the phone number attached to the account.

Two-Factor Authentication is an extra layer of protection, which means users must jump through two security hoops instead of one to access their account.

This might involve connecting a phone number or security question to your account alongside a password.

Because of the bug, an attacker could enter a victim’s phone number as if it were the number to their own Facebook account.

The bad actor could then brute force the Two-Factor Authentication SMS code and gain access to the victim’s Facebook account.

Victims would then have their Two-Factor Authentication disabled, leaving their accounts secured by only a password.
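Brute-forcing a short SMS code is only practical when wrong guesses cost the attacker nothing. The following Python model is an added example, not Meta's code and not taken from the researcher's post: it counts wrong guesses against the phone number being confirmed rather than against the account making the request, so switching accounts buys no extra guesses. The class name, the limits and the six-digit code length are assumptions.

```python
import hmac
import secrets

CODE_DIGITS = 6        # assumed code length
MAX_FAILURES = 5       # assumed: wrong guesses tolerated per phone number per window
WINDOW_SECONDS = 3600  # assumed lockout window

class PhoneConfirmations:
    """Issues and checks SMS confirmation codes (constructed model, in memory)."""

    def __init__(self):
        self._pending = {}   # (account_id, phone) -> code awaiting confirmation
        self._failures = {}  # phone -> timestamps of recent wrong guesses

    def _recent_failures(self, phone, now):
        recent = [t for t in self._failures.get(phone, []) if now - t < WINDOW_SECONDS]
        self._failures[phone] = recent
        return recent

    def request_code(self, account_id, phone, now):
        # Counter is keyed on the phone number, so a fresh account gets no fresh budget.
        if len(self._recent_failures(phone, now)) >= MAX_FAILURES:
            return None
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[(account_id, phone)] = code
        return code  # a real service hands this to the SMS gateway, not the caller

    def verify(self, account_id, phone, guess, now):
        failures = self._recent_failures(phone, now)
        code = self._pending.get((account_id, phone))
        if code is None or len(failures) >= MAX_FAILURES:
            return "rejected"
        if hmac.compare_digest(guess.encode(), code.encode()):
            del self._pending[(account_id, phone)]  # codes are single use
            return "confirmed"
        failures.append(now)
        if len(failures) >= MAX_FAILURES:
            # Burn every pending code for this number, whichever account asked.
            for key in [k for k in self._pending if k[1] == phone]:
                del self._pending[key]
            return "locked"
        return "wrong"

def guess_success_bound():
    """Upper bound on a blind guesser's success chance per number per window."""
    return MAX_FAILURES / 10 ** CODE_DIGITS
```

Keying the counter on the phone number means someone can temporarily stop the real owner from confirming that number, which is the price paid for closing off the takeover.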

Hackers could then target these victims with phishing or social engineering attacks to gain access to the password.

Phishing is when hackers send emails pretending to be a company or company representative to try and tease personal information out of victims.

Social engineering is when hackers impersonate a friend or family member and tug at the heart strings in order to get personal information or money.

Mänôz has no idea how long the bug was active for.

However, Facebook’s parent company Meta patched up the security flaw in October.

If users suspect their account has been accessed from an unfamiliar location, or that they have been a victim of an online scam, then it is always best to change their password and update their security settings.

This post first appeared on Thesun.co.uk
