cybersecurity

6204 readers

51 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 3 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

The Newest Instagram "Exploit" is the Goofiest I've Seen (www.0xsid.com)

submitted 4 days ago by cm0002@libretechni.ca to c/cybersecurity@infosec.pub

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[–] guitarfosec@infosec.pub 4 points 4 days ago

Amazing. No notes.

[–] venus@infosec.pub 2 points 4 days ago

Clowns in a clown world.

[–] Kissaki@programming.dev 1 points 4 days ago

the original 2FA gets thoroughly bypassed in the process

arstechnica reports that 2FA protects you, also KrebsOnSecurity

On May 31, the pseudonymous open source intelligence researcher ZachXBT posted on X about how “the Meta AI support is garbage and has lots of access perms which allowed you to reset passwords to any user without 2FA and did not verify who you are.”

ambiguous formualtion, can be read both ways; but much more explicit:

The hackers reported their exploit failing against any accounts that had enabled multifactor authentication (MFA), including the “least robust form of MFA that Instagram offers” in the form of one-time codes sent through SMS, according to KrebsOnSecurity.

Securing your various online accounts means taking full advantage of the most secure form of multi-factor authentication (MFA) offered (such as a passkey or security key). In this case, even using the least robust form of MFA that Instagram offers — a one-time code sent via SMS — likely would have blocked the exploit: The hackers who released the video on Telegram said their exploit failed to work against any accounts that had MFA enabled.