Instagram 2FA Bypass, A Tale of Superlative Bug Hunting Skills & Indolent Multi-Factor Authentication

Via Tara Seals writing at the Threatpost Blog, detailing the highly competent bug hunting skill set of Laxman Muthiyah, examining – if you will – the lackadaisical 2FA data flow promulgated by Facebook, Inc. (Nasdaq: FB) on the company’s owned Instagram.

“Independent researcher Laxman Muthiyah took a look at Instagram’s mobile recovery flow, which involves a user receiving a six-digit passcode to their mobile number for two-factor account authentication (2FA). So, with six digits that means there are 1 million possible combinations of digits making up the codes.” – Via Tara Seals writing at the Threatpost Blog

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2019/7/16/instagram-bypass-a-tale-of-lackadasical-2fa