Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

nRiTeCh

nRiTeCh

Skilled
Mar 24, 2005
7,469
4,961
383
51nD m3!
www.techenclave.com
With regards to yesterdays FB an Instagram global shutdown..

www.forbes.com

Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

A security researcher has discovered an unsecured database on the internet containing millions of two-factor authentication security codes. Here's what you need to know.
www.forbes.com www.forbes.com

https://www.reddit.com/r/privacy/comments/1b6niwk

Not much to worry but for
Those who all using lastpass, bitwarden and similar password manager just reset the master password and de-authorize existing sessions and rotate the tokens!
 
  • Sad
Reactions: enginear
Incinere

Incinere

Recruit
Dec 5, 2022
3
14
8
Was the master password of password manager, exposed ? I think SMS codes which are sent during a 2FA login/password reset were exposed. An average 2FA SMS code would have a lifetime of 10-20 mins.
 
nRiTeCh

nRiTeCh

Skilled
Mar 24, 2005
7,469
4,961
383
51nD m3!
www.techenclave.com
True yet cookies got hacked it seems..


1709728352852.png
 
Last edited:
  • Like
Reactions: Incinere
B

BullettuPaandi

nRiTeCh said:
https://www.reddit.com/r/privacy/comments/1b6niwk
Click to expand...
It's been a while since I used Reddit, so forgive me if I'm not understanding things correctly, but why do they all sound like they're commenting on a commercial film or something? Is it that hard to comprehend that this could have affected most people who rely on such service? To me it sounds like this security researcher happened to find this and as he couldn't find the responsible party, he took it public at which point he might as well educate on better practice. A "privacy community" reads all this and goes "booo..."?! Are redditors treating every sub as NSFW, because these guys sound like they've developed some sort of kink for enraging, illicit stuff and this is not doing it for them.

Also, ask any snack-thieving-sibling, it's not a leak/breach/hack considering it was left unprotected.
 
rootyme

rootyme

Jaadoo
Adept
Aug 13, 2021
333
770
233
Koi Mil Gaya
nRiTeCh said:
Those who all using lastpass, bitwarden and similar password manager just reset the master password and de-authorize existing sessions and rotate the tokens!
Click to expand...
What about those who don't have 2FA on password managers? The source mentions only temporary SMS authentication codes.

Why does one need to change the master passworded here?
nRiTeCh said:
True yet cookies got hacked it seems..


View attachment 192242
Click to expand...
Do you use FB in Arabic?
 
J

jayanttyagi

Disciple
May 11, 2023
96
131
47
nRiTeCh said:
With regards to yesterdays FB an Instagram global shutdown..

www.forbes.com

Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

A security researcher has discovered an unsecured database on the internet containing millions of two-factor authentication security codes. Here's what you need to know.
www.forbes.com www.forbes.com

https://www.reddit.com/r/privacy/comments/1b6niwk

Not much to worry but for
Those who all using lastpass, bitwarden and similar password manager just reset the master password and de-authorize existing sessions and rotate the tokens!
Click to expand...
No need to do this.

This only affects SMS authentication

The leaked keys have all stopped working since forever

The leak comes from an Asian company providing SMS routing.
 
  • Like
Reactions: ibose
nRiTeCh

nRiTeCh

Skilled
Mar 24, 2005
7,469
4,961
383
51nD m3!
www.techenclave.com
awestorr said:
I use bitwarden, do i really need to reset master password?
Click to expand...
I do but what I observed is that cookies were compromised and insta and fb was taken over with weird language and format. Made no sense to just clear cookies and be rest assured so changed bitwarden password and did few security cycling around just to be sure.
Not required but no harm as well for just in case situations if any further findings arises later on..
rootyme said:
What about those who don't have 2FA on password managers? The source mentions only temporary SMS authentication codes.
Click to expand...
Many started receiving smses with otp codes etc while others weren't even aware until they logged in today on fb.
rootyme said:
Do you use FB in Arabic?
Click to expand...
The global hack did that..
 
  • Like
Reactions: rootyme and awestorr
KA_20

KA_20

Disciple
Nov 30, 2023
27
27
17
BullettuPaandi said:
It's been a while since I used Reddit, so forgive me if I'm not understanding things correctly, but why do they all sound like they're commenting on a commercial film or something? Is it that hard to comprehend that this could have affected most people who rely on such service? To me it sounds like this security researcher happened to find this and as he couldn't find the responsible party, he took it public at which point he might as well educate on better practice. A "privacy community" reads all this and goes "booo..."?! Are redditors treating every sub as NSFW, because these guys sound like they've developed some sort of kink for enraging, illicit stuff and this is not doing it for them.

Also, ask any snack-thieving-sibling, it's not a leak/breach/hack considering it was left unprotected.
Click to expand...
reddit is a hive mind community, each sub attracts people of same mindset and form same biased opinion on a subject. Moderators actively encourage this behaviour there. It's good thing you have stopped browsing it. Usually each thread will have 100 opinions on top of the page and 1 factual information at the bottom.
 
  • Like
Reactions: Ash.Das, calvin1719 and rootyme
A

amanb21

Recruit
Mar 7, 2024
2
1
3
awestorr said:
I use bitwarden, do i really need to reset master password?
Click to expand...
The leak effectively exposed the database of SMS OTP that an authentication provider was using which was contracted by social media companies for SMS based 2-factor authentication. So it has nothing to do with what password manager you use. If you are using Bitwarden's authenticator rather then a SMS for 2-factor, you have nothing to fear at the moment.
 
nRiTeCh

nRiTeCh

Skilled
Mar 24, 2005
7,469
4,961
383
51nD m3!
www.techenclave.com
KA_20 said:
reddit is a hive mind community, each sub attracts people of same mindset and form same biased opinion on a subject. Moderators actively encourage this behaviour there. It's good thing you have stopped browsing it. Usually each thread will have 100 opinions on top of the page and 1 factual information at the bottom.
Click to expand...
But nobody can deny reddit has answers to confusing pc issues esp. tweaks, oc etc.
 
Hei#4869

Hei#4869

Patron
Patron
Jan 15, 2024
11
9
7
I thought the global social media outage was related to the internet outage caused by the telecom cables being cut under the red sea?
 
Top Bottom