Facebook two-factor authentication bypass issue patched

Meta patched a bug in Facebook that could have circumvented two-factor authentication (2FA) using SMS. Discovered by security researcher Manoj Gautam, it exploited a rate-limiting issue in Instagram, enabling an attacker to brute-force a verification pin. The bug, patched within a month of its report, was considered one of Meta’s most significant of 2022, and Gautam received a bounty of $27,200.