Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

nRiTeCh · Mar 6, 2024

With regards to yesterdays FB an Instagram global shutdown..

Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

A security researcher has discovered an unsecured database on the internet containing millions of two-factor authentication security codes. Here's what you need to know.

www.forbes.com

https://www.reddit.com/r/privacy/comments/1b6niwk

Not much to worry but for
Those who all using lastpass, bitwarden and similar password manager just reset the master password and de-authorize existing sessions and rotate the tokens!

Incinere · Mar 6, 2024

Was the master password of password manager, exposed ? I think SMS codes which are sent during a 2FA login/password reset were exposed. An average 2FA SMS code would have a lifetime of 10-20 mins.

nRiTeCh · Mar 6, 2024

True yet cookies got hacked it seems..

BullettuPaandi · Mar 6, 2024

nRiTeCh said:
https://www.reddit.com/r/privacy/comments/1b6niwk

It's been a while since I used Reddit, so forgive me if I'm not understanding things correctly, but why do they all sound like they're commenting on a commercial film or something? Is it that hard to comprehend that this could have affected most people who rely on such service? To me it sounds like this security researcher happened to find this and as he couldn't find the responsible party, he took it public at which point he might as well educate on better practice. A "privacy community" reads all this and goes "booo..."?! Are redditors treating every sub as NSFW, because these guys sound like they've developed some sort of kink for enraging, illicit stuff and this is not doing it for them.

Also, ask any snack-thieving-sibling, it's not a leak/breach/hack considering it was left unprotected.

rootyme · Mar 6, 2024

nRiTeCh said:
Those who all using lastpass, bitwarden and similar password manager just reset the master password and de-authorize existing sessions and rotate the tokens!

What about those who don't have 2FA on password managers? The source mentions only temporary SMS authentication codes.

Why does one need to change the master passworded here?

nRiTeCh said:
True yet cookies got hacked it seems..

View attachment 192242

Do you use FB in Arabic?

jayanttyagi · Mar 6, 2024

nRiTeCh said:
With regards to yesterdays FB an Instagram global shutdown..

Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

A security researcher has discovered an unsecured database on the internet containing millions of two-factor authentication security codes. Here's what you need to know.

www.forbes.com

https://www.reddit.com/r/privacy/comments/1b6niwk

Not much to worry but for
Those who all using lastpass, bitwarden and similar password manager just reset the master password and de-authorize existing sessions and rotate the tokens!

No need to do this.

This only affects SMS authentication

The leaked keys have all stopped working since forever

The leak comes from an Asian company providing SMS routing.

awestorr · Mar 6, 2024

I use bitwarden, do i really need to reset master password?

jayanttyagi · Mar 6, 2024

awestorr said:
I use bitwarden, do i really need to reset master password?

Nope

nRiTeCh · Mar 6, 2024

awestorr said:
I use bitwarden, do i really need to reset master password?

I do but what I observed is that cookies were compromised and insta and fb was taken over with weird language and format. Made no sense to just clear cookies and be rest assured so changed bitwarden password and did few security cycling around just to be sure.
Not required but no harm as well for just in case situations if any further findings arises later on..

rootyme said:
What about those who don't have 2FA on password managers? The source mentions only temporary SMS authentication codes.

Many started receiving smses with otp codes etc while others weren't even aware until they logged in today on fb.

rootyme said:
Do you use FB in Arabic?

The global hack did that..

KA_20 · Mar 7, 2024

BullettuPaandi said:
It's been a while since I used Reddit, so forgive me if I'm not understanding things correctly, but why do they all sound like they're commenting on a commercial film or something? Is it that hard to comprehend that this could have affected most people who rely on such service? To me it sounds like this security researcher happened to find this and as he couldn't find the responsible party, he took it public at which point he might as well educate on better practice. A "privacy community" reads all this and goes "booo..."?! Are redditors treating every sub as NSFW, because these guys sound like they've developed some sort of kink for enraging, illicit stuff and this is not doing it for them.

Also, ask any snack-thieving-sibling, it's not a leak/breach/hack considering it was left unprotected.

reddit is a hive mind community, each sub attracts people of same mindset and form same biased opinion on a subject. Moderators actively encourage this behaviour there. It's good thing you have stopped browsing it. Usually each thread will have 100 opinions on top of the page and 1 factual information at the bottom.

amanb21 · Mar 7, 2024

awestorr said:
I use bitwarden, do i really need to reset master password?

The leak effectively exposed the database of SMS OTP that an authentication provider was using which was contracted by social media companies for SMS based 2-factor authentication. So it has nothing to do with what password manager you use. If you are using Bitwarden's authenticator rather then a SMS for 2-factor, you have nothing to fear at the moment.

nRiTeCh · Mar 7, 2024

KA_20 said:
reddit is a hive mind community, each sub attracts people of same mindset and form same biased opinion on a subject. Moderators actively encourage this behaviour there. It's good thing you have stopped browsing it. Usually each thread will have 100 opinions on top of the page and 1 factual information at the bottom.

But nobody can deny reddit has answers to confusing pc issues esp. tweaks, oc etc.

calvin1719 · Mar 7, 2024

nRiTeCh said:
With regards to yesterdays FB an Instagram global shutdown..

How is this related to that outage?

Hei#4869 · Mar 18, 2024

I thought the global social media outage was related to the internet outage caused by the telecom cables being cut under the red sea?

sandeepsachin · Mar 18, 2024

Advisable to change What's app 2 factor pin?

nRiTeCh · Mar 18, 2024

sandeepsachin said:
Advisable to change What's app 2 factor pin?

Nop not required. Cookies started behaving abruptly on other sites too hence it was advisable for those using password managers to change master password, change banking passwords etc just to be sure its all safe.

Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

nRiTeCh

Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

Incinere

nRiTeCh

BullettuPaandi

rootyme

jayanttyagi

Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

awestorr

jayanttyagi

nRiTeCh

KA_20

amanb21

nRiTeCh

calvin1719

Mostly harmless.

Hei#4869

Patron

sandeepsachin

nRiTeCh