Instagram 2FA Bypass, A Tale of Superlative Bug Hunting Skills & Indolent Multi-Factor Authentication

Via Tara Seals writing at the Threatpost Blog, detailing the highly competent bug hunting skill set of Laxman Muthiyah, examining – if you will – the lackadaisical 2FA data flow promulgated by Facebook, Inc. (Nasdaq: FB) on the company’s owned Instagram.

Cybersecurity Live - Boston

“Independent researcher Laxman Muthiyah took a look at Instagram’s mobile recovery flow, which involves a user receiving a six-digit passcode to their mobile number for two-factor account authentication (2FA). So, with six digits that means there are 1 million possible combinations of digits making up the codes.” – Via Tara Seals writing at the Threatpost Blog

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: