Hackers can bypass these protections, as we’ve seen with leaked NSA documents on how Russian hackers targeted US voting infrastructure companies. But a new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.
They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the target’s phone. That code is also phished, and then entered into the legitimate site so the hacker can login and steal the account.
Full article: How Hackers Bypass Gmail 2FA at Scale – Motherboard