The core problem is that telecom companies recycle abandoned phone numbers after a brief waiting period – at least 45 days in the US. That can become a problem because many online services require a phone number to identify users and/or send one-time passwords for two-factor authentication. Users who abandon a number and forget to update their accounts with their new number are therefore at risk of malicious account reset attempts by whoever gets access to their old numbers.
Nonetheless, it appears this vulnerability persists with other online services that rely on mobile phone numbers for multi-factor authentication. gaining access to a "random girl's" account by using a newly provisioned mobile phone number to log in to Meta's Instagram service. But not having the password isn't necessarily a barrier. The phone number may be sufficient to reset the password and access the account despite multi-factor authentication. Typically, users are sent notification of the password change to the email address associated with their account.
Procedural variations aside, initiating a password reset without permission to hijack an online account is against the law in the US, the UK, and elsewhere, Hanff wrote in his Hanff subsequently tried to alert Meta. "I reported this under their security vulnerabilities system as there is no other obvious way to report this," he told. "Obviously I am not interested in any bounty, I am just trying to get this fixed, but Meta has a habit of obstructing people from contacting them.