FACEBOOK users have been left vulnerable to a bug which meant hackers were able to crowbar their way into accounts.

The bug meant Facebook’s Two-Factor Authentication security feature could be disabled, one researcher discovered.

It is not clear how long the bug was active for. Credit: Alamy

The bug was unfixed as late as September 2022, security expert Gtm Mänôz revealed in a recent Medium post.

The security hole was hiding in Meta’s account management system, known as the Meta Accounts Centre.

It allowed hackers to remove Two-Factor Authentication protections for Facebook accounts – simply by knowing the phone number attached to the account.

Two-Factor Authentication is an extra layer of protection, which means users must jump through two security hoops instead of one to access their account.

This might involve connecting a phone number or security question to your account alongside a password.

Because of the bug, an attacker could enter a victim’s phone number as if it were the number to their own Facebook account.

The bad actor could then brute force the Two-Factor Authentication SMS code and gain access to the victim’s Facebook account.

Victims would then have their Two-Factor Authentication disabled, leaving their accounts secured by only a password.
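
The brute-force step described above only works if the verifier keeps accepting guesses against a phone number. The sketch below is an added example, not Meta's code and not part of the original article, of an SMS-code verifier that counts failures against the target phone number rather than the requesting account, so a lockout survives a request for a fresh code; the class name, the six-digit code length and the policy constants are assumptions.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5          # assumed policy: wrong guesses allowed per phone number
LOCKOUT_SECONDS = 3600    # assumed policy: how long a locked number stays locked
CODE_TTL_SECONDS = 300    # assumed policy: lifetime of one SMS code


class OtpVerifier:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}      # phone -> (code, expires_at)
        self._failures = {}   # phone -> (count, first_failure_time); survives re-issue

    def _locked(self, phone):
        count, since = self._failures.get(phone, (0, 0.0))
        if count >= MAX_FAILURES and self._clock() - since < LOCKOUT_SECONDS:
            return True
        if count and self._clock() - since >= LOCKOUT_SECONDS:
            del self._failures[phone]   # window elapsed, start counting afresh
        return False

    def issue(self, phone):
        """Create a code for this number; returns None while the number is locked."""
        if self._locked(phone):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[phone] = (code, self._clock() + CODE_TTL_SECONDS)
        return code   # a real service sends this by SMS and never returns it

    def verify(self, phone, guess):
        if self._locked(phone):
            return "locked"
        entry = self._codes.get(phone)
        if entry is None or self._clock() >= entry[1]:
            self._codes.pop(phone, None)
            return "no_valid_code"
        if hmac.compare_digest(entry[0].encode(), guess.encode()):
            del self._codes[phone]              # a code is single use
            self._failures.pop(phone, None)
            return "ok"
        count, since = self._failures.get(phone, (0, self._clock()))
        self._failures[phone] = (count + 1, since)
        if count + 1 >= MAX_FAILURES:
            self._codes.pop(phone, None)        # burn the code on lockout
            return "locked"
        return "wrong"
```
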

Hackers could then target these victims with phishing or social engineering attacks to gain access to the password.

Phishing is when hackers send emails pretending to be a company or company representative to try and tease personal information out of victims.

Social engineering is when hackers impersonate a friend or family member and tug at the heart strings in order to get personal information or money.

Mänôz has no idea how long the bug was active for.

However, Facebook’s parent company Meta patched up the security flaw in October.

If users suspect their account has been accessed from an unfamiliar location, or that they have been a victim of an online scam, then it is always best to change their password and update their security settings.


This post first appeared on Thesun.co.uk
