Can 2FA be Hacked?

[jonnywilson]

Recently my Facebook Account was Hacked which was protected by 2FA. I was thinking that 2FA was very advance security. But I was Wrong. My Account was hacked and hacker change all my email and Phone Number. Has anyone faced same problem please reply in post. If someone has recovered hacked account please reply with information.

[1715579443]

1715579443

[1715579443]

1715579443

[1715579443]

1715579443

[pooya87]

Anything can be hacked, the methods and  the hardship is different.
For example in 2FA the hacker could gain access to the device that has the 2FA on it or to the backup where the 2FA password is stored and generate the required password that way.
Another way is finding a flaw in the website login procedure and exploit that in order to bypass the 2FA requirement entirely. Usually sites offer a way to remove 2FA for users who lose their 2FA device which could be exploited.

[DdmrDdmr]

It’s probably the best easy solution to enhance personal authentication security, but the account protected by 2FA is not immune from social engineering attacks to actually trick support into switching 2FA off on a given account, nor, in broader terms, from malware that can actually capture your codes and send them off to a backend remote server.

For example, the banking Trojan malware called Cerberus is potentially capable of stealing and resending your 2FA codes. It’s perhaps not too extended as a method, but the possibility is real.

See: https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/

[Coyster]

Of course 2FA can be hacked, i know it's an extra layer of security, but every security protocol can be hacked, it makes it more difficult for your account to be hacked if you have 2FA enabled, but it doesn't make your account impregnable, if you make mistakes by clicking links with malwares, careless with your passwords or device etc, then your account is going to be hacked; it's the same for users that use hw wallets, your funds are only totally safe when you take responsibility and avoid every possible folly there is. Enabling 2FA is the first step, the next and most important is how to avoid mistakes that will still make your account penetrable to scammers.

If someone has recovered hacked account please reply with information.

First contact their support, though I don't think there's a way to recover the account since the phone number and email has been changed to that of the scammers, cause if they are to help you, every recovery details will be sent to the phone number or email which sadly is no longer yours, did the scammer also change your recovery email on the account? That's another option.

[dzungmobile]

I guess it can be hacked if your device is compromised.

The 2-factor authentication is born to build up a second layer of protection for your account.

So the process would be install the 2FA application and input your 2FA code of your account on a second device. The second device should be clean (no virus, malware, trojans, threats in general).

Log in your account on devices A, B, C, etc but don't log in it on the device you setup your 2FA. It breaks the idea behind 2-factor authentication. It won't be a two factor protection if you store, install and login on a single device.

The process of compromise, I don't know, maybe someone will explain it.

[Asuspawer09]

Recently my Facebook Account was Hacked which was protected by 2FA. I was thinking that 2FA was very advance security. But I was Wrong. My Account was hacked and hacker change all my email and Phone Number. Has anyone faced same problem please reply in post. If someone has recovered hacked account please reply with information.

Hacker could pretty much hack or bypass 2FA authenticator.

The hacker could use emails in order to get in on your computer and then make it look like a deal or beta testing of any application which is a pretty common way for a hacker to get into a computer.

If the hacker is already inside your computer, they could perform a spoof attack where the hacker is going to clone your browser or your IP address so that when you need to open a 2FA authentication it will be bypass thinking that the one who log-in is still you since it is using your IP address.

Hackers could easily target your emailsince everything is connected in your email address and they could change your password in almost every website just using your email.

[Lhaine]

It's possible if you give the backup key of your 2fa to others even in accident or in a porpuse, that's the only way  hacker can have access to your keys even it's randomly change any time as long as he have the key he can open it anytime . the hacker has to  find a way how they can get that from you then they can hack it,its hard but possible.

[Baskeyairdrop]

Hacking process occurs as a result of loose information gotten one way or the other. Even though you used 2fa to secure your account, it can still be hacked if you are compromised one way or another.

[Cryptoababe]

2FA is more sucure but can also be hacked if the recovery codes are being exposed or if the hacker took your phone and Transfer accounts of your authenticator app to thier device.
As I've understand this. The hacker will be a close person to you or have access to your device with the 2FA app or software.

[ranochigo]

Most people refer to 2FA as a OTP from a device. It simply means 2 Factor Authentication which doesn't necessarily mean OTPs but it's commonly referred to as such. 2FA can be an authentication done with email and the password, password and SMS, password and biometric etc.

I presume you'll understand that any compromise from the back end, be it an inside job or a vulnerability would affect you, 2FA or not. Certain scenarios allows the 2FA to be bypassed completely and that is a point to consider. As with the security of 2FA, SMS authentication are NOT secure and if you're a high profile person, it is not difficult to social engineer staff at your telecom to do a sim jack and compromise your accounts. Has happened before and it will definitely continue to happen, humans are the weakest link.

Conversely, if you use a company who trains their support staff well to be less susceptible to social engineering (ie. implementing additional physical verification or hard coding certain data), you could probably use a 2FA hardware key and be safe with it. That is a very big if, and personally, I don't trust them.

[electronicash]

there was a story I heard on the news that there is a device that can clone sim cards. upon searching about it on google i even found a tutorial https://www.tech2hack.com/how-to-clone-sim-card-easily/

so don't ever leave your phones anywhere because in 15 minutes, someone could actually clone your sim card. in fact the duplicate SIM card works perfectly well while you are also using the original. nayk!

[mersal]

Recently my Facebook Account was Hacked which was protected by 2FA. I was thinking that 2FA was very advance security. But I was Wrong. My Account was hacked and hacker change all my email and Phone Number. Has anyone faced same problem please reply in post. If someone has recovered hacked account please reply with information.

Social engineering is the most common method used by scammers to steal your authentication codes and get access to your account, so it is important to be aware all the time while using the internet and also receiving emails from unknown or clone of official websites.

OTP on your mobile number is less secured compared to authenticator apps like Google authenticator, Authy because they are running based on TOTP which keeps changing the codes for every few seconds.

Another way is to infect your device with malware and get access to these apps or recovery codes.

[Akiko]

there was a story I heard on the news that there is a device that can clone sim cards. upon searching about it on google i even found a tutorial https://www.tech2hack.com/how-to-clone-sim-card-easily/

so don't ever leave your phones anywhere because in 15 minutes, someone could actually clone your sim card. in fact the duplicate SIM card works perfectly well while you are also using the original. nayk!

worse is in our country because because network is able to recycle the old number and sim card to be used again for sale and the old number can also be used to hack your personal  fb or any others  social media sight that is registered using the number.

For authenticator it's still safe if the 2fa you use is from Google authenticator than using number. You will have a problem in phone authentication in case of lost.

[GbitG]

Hacking process occurs as a result of loose information gotten one way or the other. Even though you used 2fa to secure your account, it can still be hacked if you are compromised one way or another.

This is case as its happen to one of my colleague he download 2FA authenticator on computer and was using few sites on this after few days he lost some good stuff because hacker was in his all accounts without any problem so you need to protect yourself with some better way like use different devices and have all your stuff very securely.

[khaled0111]

When you set up 2fa for facebook you will be asked to whether you want to use sms notifications or to use an authenticator app. Whoever hacked your account has to have access to your mobile phone. So, most likely, it's someone you know.
2fa isn't an advanced technique as you might think. The only advantage of using it is that most of the times the hacker must hack/have access to more than one device.

[Greatdev]

2FA is very secured to be honest but that doesn't mean it can't be compromised, 2FA codes are store in smartphones and are backed up by Google account connected to your smartphone, email can be hacked, 2FA access can be moved if you don't keep your phone very private to yourself, think deeply before making any moves, anything can be hacked with just one mistake

[New_order]

No matter how strong a security software or hardware can be there is always a way for hackers to get through and carry out their missions successfully, if you are too careless with your smartphone your 2FA can be jailbreak, make sure you don't share your phone with anyone

[Kong Hey Pakboy]

Recently my Facebook Account was Hacked which was protected by 2FA. I was thinking that 2FA was very advance security. But I was Wrong. My Account was hacked and hacker change all my email and Phone Number. Has anyone faced same problem please reply in post. If someone has recovered hacked account please reply with information.

Well. No technology is perfect for security because there are many great hackers nowadays that they can steal all of your information and funds in different ways. 2FA or Two Factor Authentication can help you protect your account, but a Facebook account can easily get hacked according to some users because it has weak security. Also, avoid using SMS authentication in any of your accounts. It can easily bypass that you should be using google authenticator or Security Key Authenticator because it would take long for a hacker to bypass it.

[JeotQ]

There is back ups for every accounts you add in your google authentication app, assuming you buy a new smartphone now you can easily export all the 2FA accounts into the new phone, meaning that if someone have access  to your phone they can export your 2FA settings and gave access to every websites you use 2FA on

[sujonali1819]

Yes, it could be hacked as all said here. I don't know actually how your Facebook account was hacked(2fa). If you search on youtube you can see some results about the possible way of how 2fa a could be hacked also. btw where you have saved your 2fa code or the QR code photo? If you save it online then maybe it was hacked first.