A security researcher has developed a social engineering attack to bypass two-factor authentication, TechCrunch reported.
Hacker Kevin Mitnick produced a video on YouTube showing how the exploit works by sending victims to a fake login page.
The fake site requests your username, password, and authentication code and passes them to the legitimate site to log you in, capturing the session cookie in the process.
Once this is done, the hacker can log in whenever they want, according to the report.
While the attack was demonstrated on LinkedIn, Mitnick’s company KnowBe4 warned that the attack could be weaponised for any site.
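One server-side check for the replayed session cookie described above, as an added example that is not from the report or from Mitnick's demonstration: flag any session ID later presented from a different network or user agent than the one it was first seen with. The log format, field names, prefix lengths and sample records are constructed assumptions.

```python
import ipaddress

# Constructed access-log records: (timestamp, session_id, client_ip, user_agent).
# IPs are documentation ranges; nothing here comes from the report.
SAMPLE_LOG = [
    ("2024-01-01T09:00:02Z", "sess-A1", "198.51.100.7", "Chrome/120 Windows"),
    ("2024-01-01T09:00:40Z", "sess-A1", "198.51.100.7", "Chrome/120 Windows"),
    ("2024-01-01T09:05:10Z", "sess-B2", "192.0.2.10", "Safari/17 macOS"),
    ("2024-01-01T09:20:00Z", "sess-B2", "192.0.2.99", "Safari/17 macOS"),  # same /24
    ("2024-01-01T23:41:55Z", "sess-A1", "203.0.113.45", "Firefox/121 Linux"),  # second client
]


def network_of(ip):
    """Coarse client network: /24 for IPv4, /64 for IPv6 (assumed thresholds)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_session_replays(records):
    """Return alerts for sessions reused from a client unlike the first one seen."""
    baseline = {}  # session_id -> (network, user_agent) at first sighting
    alerts = []
    for ts, sid, ip, ua in sorted(records):  # ISO-8601 UTC strings sort by time
        if sid not in baseline:
            baseline[sid] = (network_of(ip), ua)
            continue
        first_net, first_ua = baseline[sid]
        reasons = []
        if ipaddress.ip_address(ip) not in first_net:
            reasons.append("new_network")
        if ua != first_ua:
            reasons.append("new_user_agent")
        if reasons:
            alerts.append({"time": ts, "session": sid, "ip": ip, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(SAMPLE_LOG):
        print(alert)
```

Requests that keep the first-seen network and user agent are not flagged, and a roaming user can trigger the network reason alone, so the output is triage input rather than a verdict.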