Mastodawn

Urgent help required. A client of mine has had their Instagram account hacked even with MFA enabled. Unsure how that has occurred. They are holding the account to ransom.

In my previous experience, Instagram are extremely difficult to deal with and their reporting system goes around in circles.

Does anyone know of a fast, efficient way of contacting them to get the account back to the legitimate owners? This is a high profile client. Many thanks for any advice.

#infosec #instagram

Show thread

Mark Vos Feb 4, 2023

For those that are wondering, after a forensic investigation, we found that this is how the attacker got around the 2FA:

https://www.yourtechstory.com/2023/02/02/facebook-bug-allows-2fa-bypass-via-instagram/

#infosec #instagram

Facebook Bug Allows 2FA Bypass Via Instagram

The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports.

Your Tech Story

Show thread

Ghost0x0 Feb 4, 2023

@markvos

You know this is not the first I heard off this happening. My guess is is either some opsec fail or insider attack.