GoPlus said a high-risk design flaw in Meta’s account recovery feature could allow attackers to obtain users’ phone numbers, email addresses, and other personally identifiable information.
According to ChainCatcher, GoPlus said an attacker would only need to enter a Meta username, without any login or verification, to retrieve the full PII linked to that account.
GoPlus said the exposure could enable large-scale phishing, SIM-swap attacks, account takeovers and identity theft, and targeted social engineering.
GoPlus advised users to remove or replace any exposed email address or phone number used for account recovery, change relevant account passwords and enable two-factor authentication, avoid clicking messages related to “account issues,” “verification,” or “password resets,” and use multiple verification channels, including official documentation or other official social media accounts, to confirm information.
GoPlus Says Meta Account Recovery Flaw Could Expose Users’ Emails, Phone Numbers, and PII
2026-06-08 02:53:51
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
