Hacker News new | past | comments | ask | show | jobs | submit login

But if the employee had long passwords, was his fb account compromised through the use of password reset through SMS then?



Yes. They didn't need to know his strong password to log on, they just needed access to his mobile phone SMS in order to complete the account recovery process and change his account password to a value they chose.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: