Security News

Researcher Bypasses Instagram 2FA to Hack Any Account


An independent researcher earned a $30,000 bug bounty after discovering a weakness in the mobile recovery process.

The researcher discovered a weakness in the Instagram mobile recovery process that would allow account takeover for any user, via mass brute-force campaigns.

Independent researcher Laxman Muthiyah took a look at Instagram’s mobile recovery flow, in which a user receives a six-digit passcode on their mobile number for two-factor account authentication (2FA). With six digits, there are 1 million possible codes.
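The 1 million figure seen from the defender's side, as an added example that is not from the article or from Instagram: a hypothetical server-side verifier for a six-digit recovery code that counts attempts per account and expires the code. The class name, the cap of 5 attempts and the 10-minute lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_DIGITS = 6                  # six-digit code, as in the article
CODE_SPACE = 10 ** CODE_DIGITS   # 1,000,000 possible codes
MAX_ATTEMPTS = 5                 # assumed per-account cap (not from the article)
CODE_TTL_SECONDS = 600           # assumed code lifetime (not from the article)


class RecoveryCodeVerifier:
    """Hypothetical verifier. Attempts are counted per account, so spreading
    guesses across many clients does not enlarge the guessing budget."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, attempts_used]

    def issue(self, account):
        code = f"{secrets.randbelow(CODE_SPACE):0{CODE_DIGITS}d}"
        self._pending[account] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # a real flow would send this by SMS, not return it

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        code, expires_at, attempts = entry
        if self._clock() >= expires_at:
            del self._pending[account]
            return "expired"
        if attempts >= MAX_ATTEMPTS:
            del self._pending[account]   # budget spent: code is void
            return "locked"
        entry[2] = attempts + 1          # count the attempt before comparing
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._pending[account]   # single use
            return "ok"
        return "wrong"


def guess_success_bound(attempts=MAX_ATTEMPTS):
    """Upper bound on a blind guesser's success chance per issued code."""
    return min(attempts, CODE_SPACE) / CODE_SPACE
```

With these assumed limits a blind guesser succeeds with probability at most 5 in 1,000,000 per issued code, however many clients the guesses come from.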

