The issue, reported in September, could have cost the platform dearly. The Meta group (parent company of Facebook and Instagram) paid the researcher €27,000 for his contribution.
A flaw identified in September
Gtm Mänôz noticed in September that Facebook imposed no limit on two-factor authentication attempts when a user tried to log into an account, TechCrunch reports. The researcher then reported the flaw to Meta.
A hacker in possession of the user's phone number could associate it with his own Facebook account. Because the number of attempts to enter the code received by SMS was unlimited, he could try an unlimited number of code combinations until one gave access to the user's account.
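The missing control is a cap on wrong guesses, both per code and per phone number. The sketch below is an added example, not Meta's code: the class name, the limits and the in-memory storage are all assumptions chosen for illustration.

```python
import hmac
import secrets

MAX_TRIES_PER_CODE = 5     # assumed policy value
MAX_FAILS_PER_PHONE = 10   # assumed: wrong guesses per phone across all codes
WINDOW = 3600              # assumed: seconds the per-phone counter looks back
CODE_TTL = 300             # assumed: code lifetime in seconds


class PhoneCodeVerifier:
    """Hypothetical server-side check for SMS codes that link a phone number."""

    def __init__(self):
        self.pending = {}  # (account, phone) -> [code, expires_at, tries_left]
        self.fails = {}    # phone -> timestamps of recent wrong guesses

    def _locked(self, phone, now):
        recent = [t for t in self.fails.get(phone, []) if now - t < WINDOW]
        self.fails[phone] = recent
        return len(recent) >= MAX_FAILS_PER_PHONE

    def issue(self, account, phone, now):
        """Create a code (sent by SMS in a real system); None if phone is locked."""
        if self._locked(phone, now):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(account, phone)] = [code, now + CODE_TTL, MAX_TRIES_PER_CODE]
        return code

    def verify(self, account, phone, guess, now):
        key = (account, phone)
        entry = self.pending.get(key)
        if entry is None or now >= entry[1] or self._locked(phone, now):
            self.pending.pop(key, None)   # expired, unknown or locked: reject
            return False
        if hmac.compare_digest(guess.encode(), entry[0].encode()):
            del self.pending[key]         # codes are single use
            return True
        self.fails.setdefault(phone, []).append(now)
        entry[2] -= 1
        if entry[2] == 0:
            del self.pending[key]         # burn the code after too many misses
        return False
```

The per-phone counter matters as much as the per-code one: without it, requesting a fresh code after every lockout would restore unlimited guessing.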
Meta avoids disaster thanks to Gtm Mänôz
When the hacker gets the correct code, the phone number is linked to his account. The victim then receives a message from Facebook telling them that their two-factor authentication is no longer valid, because the number is linked to another account.
Meta quickly fixed this flaw after receiving the report from Gtm Mänôz. The group paid 27,000 euros to the researcher for his contribution. However, the platform offers reassurance that only a small number of users were affected.