Why would a scammer go to the bother of creating a fake page when EvilGnx will just proxy the real page and automatically steal the MFA cookie? No typos, no grammatical issues, and as its a proxy it will only accept the correct credentials.
But the rate-limiting issue on Instagram's endpoint could allow a threat actor to drive unlimited bot traffic to launch a brute-force attack to confirm a one-time Facebook PIN to link the accounts, effectively bypassing Facebook's 2FA protections.
Facebook for 2FA security issue
On Jan. 4, 2018, Facebook CEO Mark Zuckerberg posted his New Year's resolution, vowing to fix Facebook's various issues with abuse, election interference and misinformation campaigns. But a timeline of events since then shows a bevy of Facebook security and data privacy issues.
In April 2018, the company admitted the Cambridge Analytica scandal may have involved as many as 87 million people. Following this admission, Zuckerberg testified before Congress and EU lawmakers regarding Facebook security issues.
Additionally, in April 2018, KrebsOnSecurity reported on dozens of Facebook groups openly being used for cybercrime purposes. This Facebook security issue would surface again in April 2019, as Cisco Talos researchers found similar cybercrime groups still operating openly on Facebook, with little action from the social media giant to remove them.
I was just wondering if you ever got a reply from facebook/ managed to get back in? Like you, I have about a decade of photos on there, and also just feel really uncomfortable that a hacker still has access to my account!
Hi there! The same thing happened to me and I am STRUGGLING. I run multiple facebook accounts for my clients through my personal account and am at a complete loss. If you have found a solution, please do share!
Hi Elaine,Did you have any updated tips or info on how to get your account back the fastest based on this problem? Currently experiencing the same issue with them changing the Code generator app and me not being able to get the code. Trying to reach FB to get them to remove the 2FA req. but no luck yet.
Which is why a petition has been set up against Facebook highlighting these very issues, especially that we are being asked for highly confidential ID which could be used for anything, and we would be totally unaware!!
I have been off facebook since June 2022 and I finally changed the email and password to the account In July but now this 2FA is turned on I need it to be turned off so I can enter my new phone number!
Can you tell us what exactly you told the Oculus people. My family already has 2 Oculus Go devices and just bought a Quest for my nephew in March. What do we have to do to regain access to Facebook because I have the same issue as all of you: randomly locked out. Rest password. But have 2 step authentication all of a sudden.
Was the email address from facebook long and looked suspicious. I got an email from this info++aazrrfqn6ri4k3@support.facebook.com. just seems like a scam email but they emailed me to an alternative email address that I gave to oculus customer service.
Same thing has happened me ? seems like my old Yahoo account was involved in a data breach so hackers were able to change everything and deactivate my facebook. This happened yesterday so have been trying everywhere but seem to be going round in circles to no avail. Keeping positive thoughts that I can get it resolved but facebook customer service is juat awful. Have started bombarding them on twitter and even instagram for help.
Sounds just like my email ,i still havent heard a thing and oculas no longer replying to my messages ,we had our oculas since dec its my daughters its so unfair ,i have now issued a complaint to ico.org as you are entitled to do that after 28 days they then deal with fb as to why they havent rectified the issue and the account is still compromised with two factor
Hi if you are trying to login with the hackers email then id presume fb think that you have access to that email address and cud send correspondence there ,i had no contact from any of those emails you mention ive even written to fb ireland ,as your account is still showing the hackers email after you have sent your passport to fb then that is a breech of your data protection ,please raise this with ico.org.uk they will take your complaint on and contact fb for you just fill in your complaint and issue on there site they are above fb ,im over a month locked out of my account and still no luck i have an oculas too since dec and still cant get help from either company
Hi catherine ,i wrote to fb ireland head office i also have issued a data protection complaint against fb for not securing my account if two factor is set up they have failed to secure it which is there duty of care to there users i contacted ico.org who told me on the phone they have breeched my data protection ,i complained as nobody was replying to my messages to oculas or fb ,it caused me so much stress knowing hackers had more chance of getting in my account than i did as fb left there email on there which i could see when i tried to login ,im glad it has now been resolved but i pushed and pushed everyday for help
That is the same thing for me as well. Got back to me twice to reset password, but ignore my request to bypass the 2 step authentication the hacker put on. There should be something for that on the list of issues we have to check off. So many with the same problem.
The update is at the end of the original blog post, not in the comments. This link should take you right to it; otherwise, just look for the UPDATE heading in the main text: -elaineous.com/about-the-time-hackers-activated-two-factor-authentication-on-my-facebook-account/#april2021
Hi,I am a graphic designer.Let me describe my issue.After restting my mobile the code coming to google authenticator app is not accepeted by face book account.I have only 10 old back up codes and an old QR code from google authenticator which I have saved 3 months before.I forgot to keep the latest QR code from face book or from Google authenticator.
I contactd facebook they said they can do anything.I sumbitted the IDS which was rejected.Because the personal facebook profile from which the company created the facebook business page is not for a person its the name of our subcompany.So there is no personal IDS like passort, visa, driving liscence,etc. to submit.
Hi I had some anxiety on my PC and set up a facebook code via Microsoft Authenticator app as extra security after putting in password,to my horror I reset my phone and the codes i had were lost. In saying this I do have some strong suspicions due to other security issues ive had that efforts have been made from possible hackers i do not get my account back,however I know my facebook account has not gone as I still get friend updates via email. Ive contacted Oculus support but I doubt them like everything else at the moment. I get responses from facebook I can not use this feature anymore as ive sent passport national insurance number and any other desperate measure I can think of. I could write a sadistic horror fim with facebook team getting a huge pleasure out of having absolute power and an ego trip. I am exempt from work on medical grounds and mentally I have been really stretched this past six weeks
Sadly I am dealing with this exact same issue. The thing is when I add my photo ID to recover my active account that has been taken over by someone else it says please enter a valid email. Well of course the hackers removed my email and phone number. Is this the same issue you dealt with at first? Thank you for all of your time and effort on this. Sadly I hope I can get back in and this never happens again. I feel like I am losing my mind ?
Well since 13th December 2021 I have been locked out of my account. Just now like on a regular occurrence I have sent my passport photograph as proof of who I am and unlike previous occasions I was sent a code to get access back. This has ironically happened after I changed my microsoft edge profile yesterday. It is clear some twisted individual got access to my set up and it worked for them I got locked out of Facebook!!! I cannot believe i am back but was pointless setting up a new account as was so irate over matter. Facebook though is a shambles. Nobody who worked for meta answered me on twitter. There is no customer service so do not set up extra security like I did. Back on facebook saturday night 28th /1/2023
Fortunately, Meta fixed the issue in December, a few months after receiving Mänôz report (for which he received a $27,200 bug bounty). In a statement to TechCrunch, Meta spokesperson Gabby Curtis explained that the bug was spotted during a small public test. The company has assured the public that there's no evidence the bug was exploited in the wild before a fix was released.
The Commission vote to refer the complaint and stipulated final order to the Department of Justice for filing was 3-2. The Department will file the complaint and stipulated final order in the U.S. District Court for the District of Columbia. Chairman Simons along with Commissioners Noah Joshua Phillips and Christine S. Wilson issued a statement on this matter. Commissioners Rohit Chopra and Rebecca Kelly Slaughter issued separate statements on this matter.
2FA or a similar alternative is highly recommended, especially for Facebook. The social media site has access to a lot of your personal information you probably haven't thought about, for one thing. You don't want a hacker having that information. Things like your location, identity, and even payment information are all stored on Facebook.If your account gets hacked, Facebook may take it upon themselves to completely deactivate your account. This type of action means you won't get your account back, and you'll lose all of your pictures, friends, and meaningful memories." } }, "@type": "Question", "name": "What can I do if I can't receive the 2FA code?", "acceptedAnswer": "@type": "Answer", "text": "Assuming you don't have a backup option established and you no longer have access to the phone number on file, you'll need to use an alternative method to log in. Your best option will be using a recognized device to get your security codes in the Settings.If you don't have a recognized device with you, don't have your security codes, and don't have access to one of the forms of contact listed on your account, use the 'Trouble signing in' option from the login page." , "@type": "Question", "name": "I can't turn off 2FA on Facebook. What's happening?", "acceptedAnswer": "@type": "Answer", "text": "There are a few possible reasons why Facebook won't let you turn off 2FA. If you have specific apps connected to Facebook, one may prevent you from turning off the feature because it's required for security purposes. Try removing any linked work or school apps, then follow the instructions again.If you are receiving an error, try another web browser to turn the security feature off because it could be an issue with the browser itself.Assuming you're using the correct password when logging in, you may need to contact Facebook support for more help. Generally, Facebook gives you no issues turning off this feature, so if you are running into a problem, it's likely account-specific, which is why you'll need the support team to help you out." , "@type": "Question", "name": "What do I do if someone else logged in and turned on 2FA on my account?", "acceptedAnswer": "@type": "Answer", "text": "If you've already experienced an attack and the hacker turned on 2FA, you can't log in until the matter gets resolved. Fortunately, Facebook is prepared to help.Visit this webpage to recover and regain access to your account so that you can turn off or manage 2FA." , "@type": "Question", "name": "Do I need a verification code to turn off 2FA?", "acceptedAnswer": "@type": "Answer", "text": "No, but you do need one to turn it back on. You will need your password to access the security settings, but you will not need a text message verification code to turn it off." ] } BODY .fancybox-containerz-index:200000BODY .fancybox-is-open .fancybox-bgopacity:0.87BODY .fancybox-bg background-color:#0f0f11BODY .fancybox-thumbs background-color:#ffffff "@context": " ", "@type": "BreadcrumbList", "itemListElement": [ "@type": "ListItem", "position": 1, "item": "@id": " -media/", "name": "Social Media" , "@type": "ListItem", "position": 2, "item": "@id": " -media/social-networks/", "name": "Networks" , "@type": "ListItem", "position": 3, "item": "@id": " -media/social-networks/facebook/", "name": "Facebook" ] "@context": " ", "@type": "Article", "mainEntityOfPage": "@type": "WebPage", "@id": " -factor-authentication-2FA-facebook/" , "headline": "How to Enable (or Disable) Two-factor Authentication on Facebook", "image": [ " -content/uploads/2017/07/how_to_enable_2fa_on_facebook.jpg?resize=540%2C540&ssl=1", " -content/uploads/2017/07/how_to_enable_2fa_on_facebook.jpg?resize=720%2C540&ssl=1", " -content/uploads/2017/07/how_to_enable_2fa_on_facebook.jpg?resize=960%2C540&ssl=1", " -content/uploads/2017/07/how_to_enable_2fa_on_facebook.jpg?fit=960%2C540&ssl=1", " -content/uploads/2022/01/How-to-Enable-Facebook-2FA-using-a-Web-Browser-001.png", " -content/uploads/2021/05/Screen-Shot-2021-11-06-at-10.21.17-PM.png", " -content/uploads/2021/05/Screen-Shot-2021-11-06-at-10.21.34-PM.png", " -content/uploads/2022/01/How-to-Enable-Facebook-2FA-using-a-Web-Browser-004.png", " -content/uploads/2022/01/How-to-Enable-Facebook-2FA-using-a-Web-Browser-005.png", " -content/uploads/2021/05/Screenshot-2.png", " -content/uploads/2021/05/Screenshot-1-4.png", " -content/uploads/2021/05/Screenshot-2-1.png", " -content/uploads/2021/05/Screenshot-3-2.png", " -content/uploads/2021/05/Screenshot-4-2.png", " -content/uploads/2021/05/Screenshot-5.png", " -content/uploads/2021/05/Screenshot-6.png", " -content/uploads/2021/05/Screenshot-7.png", " -content/uploads/2021/05/Screen-Shot-2021-11-06-at-10.29.21-PM.png", " -content/uploads/2021/05/Screen-Shot-2021-11-06-at-10.29.35-PM.png", " -content/uploads/2021/05/Screen-Shot-2021-11-06-at-10.29.55-PM.png", " -content/uploads/2020/10/Screenshot-9-1.png", " -content/uploads/2020/10/Screenshot-10-2.png?fit=690%2C336&ssl=1", " -content/uploads/2022/01/Facebook-Extra-Security-Options-001.png", " -content/uploads/2021/05/Screen-Shot-2021-11-06-at-10.52.28-PM.png", " -content/uploads/2021/05/Screen-Shot-2021-11-06-at-10.52.37-PM.png", " -content/uploads/2021/05/Screen-Shot-2021-11-06-at-10.52.51-PM.png", " -content/uploads/2021/05/Screen-Shot-2021-11-06-at-10.53.07-PM.png" ], "datePublished": "2017-07-24T00:00:00+00:00", "dateModified": "2022-08-09T12:19:01-06:00", "author": "@type": "Person", "name": "Cassandra" , "publisher": "@type": "Organization", "name": "Alphr", "logo": "@type": "ImageObject", "url": " -content/themes/alphr/images/logo_new.svg" , "description": "There's nothing more important than your online security in this digital era, from maintaining your privacy to protecting your accounts and passwords. There's always someone willing to take advantage of an improperly secured Facebook account, and it shouldn'" var ajaxurl = ' -admin/admin-ajax.php'; window.adsLoaded = false; var freestar = freestar ; freestar.queue = freestar.queue []; freestar.config = freestar.config ; freestar.config.enabled_slots = []; freestar.initCallback = function () if (typeof window.initAds !== "undefined") window.initAds(); else window.adsLoaded = true; (freestar.config.enabled_slots.length === 0) ? freestar.initCallbackCalled = false : freestar.newAdSlots(freestar.config.enabled_slots) GamingXboxNintendoPlayStationTwitchDiscordMinecraftSteamPC & MobileAndroidiPhoneChromebookWindowsMacGoogle SheetsZoomGoogle MeetGoogle PhotosMicrosoft TeamsZohoSocial MediaFacebookInstagramTikTokTwitterSnapChatWhatsAppTelegramMessengerInternetVPNsAlexaGoogle DriveGoogle PhotosiCloudPaypalNotionEntertainmentChromecastFire TVsRokuNetflixSpotifyKodiDisney+GadgetsSmart HomeEchoGoogle HomeiPadKindle FireVizio TVsSamsung TVsVPNsKodiXboxOn a RouterAndroidFirestickSubscribe UsSubscribeGamingXboxNintendoPlayStationTwitchDiscordMinecraftSteamPC & MobileAndroidiPhoneChromebookWindowsMacGoogle SheetsZoomGoogle MeetGoogle PhotosMicrosoft TeamsZohoSocial MediaFacebookInstagramTikTokTwitterSnapChatWhatsAppTelegramMessengerInternetVPNsAlexaGoogle DriveGoogle PhotosiCloudPaypalNotionEntertainmentChromecastFire TVsRokuNetflixSpotifyKodiDisney+GadgetsSmart HomeEchoGoogle HomeiPadKindle FireVizio TVsSamsung TVsVPNsKodiXboxOn a RouterAndroidFirestickSearchHomeSocial Media Networks Facebook How to Enable (or Disable) Two-factor Authentication on Facebook CassandraRead moreAugust 9, 2022 2ff7e9595c
Comments