The Newest Instagram "Exploit" is the Goofiest I've Seen (www.0xsid.com)
from cm0002@libretechni.ca to cybersecurity@infosec.pub on 02 Jun 00:03
https://libretechni.ca/post/1544949

#cybersecurity

guitarfosec@infosec.pub on 02 Jun 02:46

Amazing. No notes.

venus@infosec.pub on 02 Jun 04:41

Clowns in a clown world.

Kissaki@programming.dev on 02 Jun 18:02

I thought multiple exits and retiring in my mid 30s

damn

Kissaki@programming.dev on 02 Jun 18:06

the original 2FA gets thoroughly bypassed in the process

arstechnica reports that 2FA protects you, also KrebsOnSecurity

On May 31, the pseudonymous open source intelligence researcher ZachXBT posted on X about how “the Meta AI support is garbage and has lots of access perms which allowed you to reset passwords to any user without 2FA and did not verify who you are.”

ambiguous formulation, can be read both ways; but much more explicit:

The hackers reported their exploit failing against any accounts that had enabled multifactor authentication (MFA), including the “least robust form of MFA that Instagram offers” in the form of one-time codes sent through SMS, according to KrebsOnSecurity.

Securing your various online accounts means taking full advantage of the most secure form of multi-factor authentication (MFA) offered (such as a passkey or security key). In this case, even using the least robust form of MFA that Instagram offers — a one-time code sent via SMS — likely would have blocked the exploit: The hackers who released the video on Telegram said their exploit failed to work against any accounts that had MFA enabled.