Researcher Finds Way to Steal Money From Instagram, Google, and Microsoft
Belgian security researcher Arne Swinnen found an inventive way to steal money from companies like Facebook (through the Instagram service), Google, and Microsoft, using their 2FA voice-based token distribution systems.
Most companies that deploy 2FA (Two-Factor Authentication) send short codes via SMS to their users. Optionally, if the user chooses to, he can also receive a voice call from the company as well, during which a robot operator speaks the code out loud.
These phone calls are usually placed to the phone number officially tied to those specific accounts.
Attacks could theoretically work against other companies as well
Swinnen discovered in his experiments that he could create Instagram Google and Microsoft Office 365 accounts, which he could then tie to a premium phone number instead of a regular phone number.
Quick Links: Best Chrome Games |Top 5 Dress Up Games For Girls On Chrome | Top 5 iTunes Alternatives On Chrome OS | Best Photoshop Alternatives On Chromebook | Download Google Chrome Apps | Free Chrome OS Apps