Instagram 2FA Bypass, A Tale of Superlative Bug Hunting Skills & Indolent Multi-Factor Authentication
Via Tara Seals, writing at the Threatpost Blog, comes a piece detailing the highly competent bug hunting skill set of Laxman Muthiyah and examining - if you will - the lackadaisical 2FA data flow promulgated by Facebook, Inc. (Nasdaq: FB) on the company-owned Instagram.
"Independent researcher Laxman Muthiyah took a look at Instagram’s mobile recovery flow, which involves a user receiving a six-digit passcode to their mobile number for two-factor account authentication (2FA). So, with six digits that means there are 1 million possible combinations of digits making up the codes." - Via Tara Seals writing at the Threatpost Blog