Meta Account Recovery Feature Found to Have High-Risk Design Flaw

On-chain news reports that Meta's account recovery system has a critical design flaw, allowing attackers to access users' linked email and phone numbers without authentication. This exposes users to risks of phishing, SIM swapping, and identity theft. Security experts recommend replacing compromised contact information, updating passwords, enabling two-factor authentication, and verifying account alerts through official crypto news channels. Users are warned not to click on suspicious reset links or messages.

ME News reports that on June 8 (UTC+8), GoPlus posted on X that a critical design flaw has been exposed in Meta’s account recovery feature, directly exposing users’ phone numbers, email addresses, and PII (personally identifiable information). Attackers can obtain a user’s full PII, including linked email and phone number, simply by entering a Meta username, without requiring any login or verification.

This poses severe risks such as large-scale phishing attacks, SIM swap attacks, account takeovers, identity theft, and targeted social engineering.

Recommendations: Remove or replace compromised email addresses or phone numbers as recovery options; change passwords for related accounts and enable 2FA; do not click on any emails or SMS messages claiming “account anomalies,” “verification,” or “password reset”; implement multi-channel verification and confirm legitimacy through official documentation or verified social media channels.

(Source: ChainCatcher)
