Hi guys,

If you use Facebook or Instagram please update as soon as possible as they both have a serious security flaw that can allow a ‘threat actor’ (this is the new, nicer way of saying hacker!) to gain access to your account.

Bug-bounty hunter (someone who gets paid to find security flaws) named Gtm Mänôz, found an issue in Meta’s Instagram API endpoints that could allow a threat actor to launch brute-force attacks and bypass two-factor authentication (2FA) on Facebook.

You can read his posting HERE, but in a nutshell, he first discovered a user could link their Instagram and Facebook accounts by adding in an already confirmed mobile number associated with the Facebook account. Once the mobile number is entered, Facebook generates a one-time code to verify the user’s identity. From here, he was able to launch a brute-force attack (guess millions of passwords in a few seconds/minutes) to confirm a one-time Facebook PIN to link the accounts, effectively bypassing 2FA security.

How do you stay safe?

In order to stay safe just make sure you are running the latest versions of Instagram and Facebook.

Let me know if you need anything.

Sending you best wishes for a great weekend ahead 🙂

Max Roberts,
Incognito Privacy Care Team.

PS. If you have time it would be great if you could leave a review on the Play Store., We are getting attacked from all sides at the moment. The spyware companies we target are coming after us hard at the moment (we are grand though, fully protected and fortified). A good review will help us massively though as it will help to drive us up to the top of the rankings. 🙂 if you have time I would be really grateful. Thank you 🙂 🙂