GoPlus: Meta account recovery feature exposed to high-risk design flaws, which could directly leak users' sensitive information
GoPlus posted on platform X that the Meta account recovery feature has been exposed to a high-risk design flaw, which could directly leak users' phone numbers, email addresses, and PII (Personally Identifiable Information). Attackers only need to input the META username without any login or verification to directly obtain the complete PII linked to the user, such as email addresses and phone numbers. This could pose significant risks to users, including: large-scale phishing attacks, SIM card swapping attacks, account takeover and identity theft, and targeted social engineering attacks.
Recommendations: Remove or change the leaked email/phone number as a recovery method; modify related account passwords and enable 2FA; do not click on any emails or messages related to "account anomalies," "verification," or "password reset"; set up multi-channel verification, which can be verified through official documents or other official social media channels.
You may also like
Morning Report | OpenAI has submitted an S-1 registration statement draft to the U.S. SEC; Morpho completes $175 million financing
Galaxy Deep Research Report: How Hyperliquid's HIP-4 Upgrade Changes the Landscape of Prediction Markets?
Latest research from 13 top universities including Cornell University: The current state, challenges, and misconceptions of the fusion of Crypto and AI
Deconstructing Anthropic: The Best AI Company, Possibly Also a Type of Organizational Invention
Every exchange is a "Universal Exchange."
The counterattack of traditional finance: Alliance chains are quietly reviving
Pantera Capital Partner: How Tokenization is Restructuring the Private Equity and Early Investment Ecosystem?
Mastercard Launches Agent Pay for AI, Plans to Record AI Agent Payment Authorizations on Polygon
Mastercard launched Agent Pay for AI, a new payment protocol designed to help AI agents make small payments such as pay-per-use access to data and APIs. The system plans to record human-granted AI agent permissions on Polygon, focusing on verifiable authorization, identity, and payment controls.
Curve Deploys Llamalend v2 on Optimism With 250,000 OP Incentives
Curve launched Llamalend v2 on Optimism with 250,000 OP incentives from the Optimism Foundation. The upgrade expands Llamalend beyond its earlier crvUSD-focused model, adding broader collateral support, LlamaRisk market reviews, and the ability to use Curve LP tokens as collateral.
Raydium Old Liquidity Pool Reportedly Exploited, With $1.34 Million Moved to Ethereum and Tornado Cash
An old Raydium liquidity pool was reportedly exploited for around $1.34 million in USDC, RAY, and wSOL, with the stolen funds bridged to Ethereum and deposited into Tornado Cash. The incident highlights the tail risks of legacy DeFi pools, old contracts, and cross-chain fund laundering paths.
Kalshi Executive Challenges “SBF Backed AI Unicorns” Narrative, Says Leopold Aschenbrenner Was Key Figure
Kalshi executive John Wang questioned the “SBF backed AI unicorns” narrative, saying Leopold Aschenbrenner was the key figure behind major AI investment decisions.
New York Proposes Stricter Stablecoin Issuer Rules Aligned With Federal GENIUS Act
NYDFS proposed stricter stablecoin issuer rules aligned with the GENIUS Act, covering reserves, custody, redemption timelines, audits, and capital buffers.
CryptoQuant Says Bitcoin Profitable Supply Is Near 45% Pressure Zone as On-Chain Data Points to Market Repricing
CryptoQuant said Bitcoin’s profitable supply is nearing the 45% pressure zone, signaling rising market stress, unrealized losses, and a possible on-chain repricing phase.
Bitcoin Falls Below 200-Week Moving Average as On-Chain Data Shows Over Half of Supply in Loss
Bitcoin dropped below its 200-week moving average as on-chain data showed over 50% of circulating supply is now in loss, signaling rising market stress.
CFTC Reportedly Plans New Prediction Market Rules Focused on Manipulation Risk and Public Interest Review
The CFTC is reportedly preparing new prediction market rules focused on manipulation risk, public interest review, and retail trader protections.
Meet the new WEEX trial fund—your gateway to greater profits
WEEX Labs Lands at Dutch Blockchain Week: A Disruptive Crypto × AI Conversation Sets Sail in Amsterdam
SK Hynix Reportedly Plans U.S. ADR Listing as Early as August, With SEC Approval Possible in Late June
SK Hynix may pursue a U.S. ADR listing as early as August, with SEC approval reportedly possible in late June amid strong AI chip supply chain demand.
Morning Report | OpenAI has submitted an S-1 registration statement draft to the U.S. SEC; Morpho completes $175 million financing
Galaxy Deep Research Report: How Hyperliquid's HIP-4 Upgrade Changes the Landscape of Prediction Markets?
Latest research from 13 top universities including Cornell University: The current state, challenges, and misconceptions of the fusion of Crypto and AI
Deconstructing Anthropic: The Best AI Company, Possibly Also a Type of Organizational Invention
Every exchange is a "Universal Exchange."
The counterattack of traditional finance: Alliance chains are quietly reviving
