Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Someone added my phone numbers on 2FA and now I am able to login to their account, without a password.


It's not really 2FA if you can login with just the one factor of the phone… Maybe you unconsciously reset the password to your own at some point and it's saved?


Agreed. But its not even my account. I have similar things happening to me, except those messages are linked to my google voice number with someone else's account. One click and I am able to login. I had to block that number from receiving facebook updates.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: