Urgent warning to millions of Facebook users – important setting could be switched off by account raider

FACEBOOK users have been left vulnerable to a bug which meant hackers were able to crowbar their way into accounts.

The bug meant Facebook’s Two-Factor Authentication security feature could be disabled, one researcher discovered.


The bug was unfixed as late as September 2022, security expert Gtm Mänôz revealed in a recent Medium post.

The security hole was hiding in Meta’s account management system, known as the Meta Accounts Centre.

It allowed hackers to remove Two-Factor Authentication protections for Facebook accounts – simply by knowing the phone number attached to the account.

Two-Factor Authentication is an extra layer of protection, which means users must jump through two security hoops instead of one to access their account.

This might involve connecting a phone number or security question to your account alongside a password.

Because of the bug, an attacker could enter a victim’s phone number as if it were the number to their own Facebook account.

The bad actor could then brute force the Two-Factor Authentication SMS code and gain access to the victim’s Facebook account.
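Brute forcing a short SMS code only works when the service keeps accepting guesses against the same code. The sketch below is an added example, not code from the article, the researcher or Meta: it shows a confirmation check that burns the code after a few wrong guesses. The class and function names, the 6-digit code length, the five-attempt cap and the five-minute lifetime are all assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5         # assumed policy, not a figure from the article
CODE_TTL_SECONDS = 300   # assumed policy


class PhoneConfirmation:
    """One pending SMS confirmation for one phone number (hypothetical model)."""

    def __init__(self, phone, now=None):
        self.phone = phone
        self.code = f"{secrets.randbelow(10**6):06d}"  # assumed 6-digit code
        self.issued_at = time.time() if now is None else now
        self.failed = 0
        self.locked = False

    def verify(self, guess, now=None):
        now = time.time() if now is None else now
        # A locked or expired code is dead: the caller must request a new one.
        if self.locked or now - self.issued_at > CODE_TTL_SECONDS:
            return "rejected"
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(guess.encode(), self.code.encode()):
            self.locked = True   # single use
            return "confirmed"
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.locked = True   # burn the code after too many misses
        return "wrong"


def guesses_evaluated(confirmation, guesses):
    """Feed guesses in order; return (number actually checked, confirmed?)."""
    evaluated = 0
    for guess in guesses:
        result = confirmation.verify(guess)
        if result == "rejected":
            break
        evaluated += 1
        if result == "confirmed":
            return evaluated, True
    return evaluated, False
```

The cap only helps if requesting a fresh code is limited per phone number and per account as well, otherwise the guessing simply continues against the next code.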

Victims would then have their Two-Factor Authentication disabled, leaving their accounts secured by only a password.

Hackers could then target these victims with phishing or social engineering attacks to gain access to the password.

Phishing is when hackers send emails pretending to be a company or company representative to try and tease personal information out of victims.

Social engineering is when hackers impersonate a friend or family member and tug at the heart strings in order to get personal information or money.

Mänôz has no idea how long the bug was active for.

However, Facebook’s parent company Meta patched up the security flaw in October.

If users suspect their account has been accessed from an unfamiliar location, or that they have been a victim of an online scam, then it is always best to change their password and update their security settings.
