TechCrunch: Hacker Kevin Mitnick shows how to bypass 2FA

TechCrunch: Hacker Kevin Mitnick shows how to bypass 2FA . “A new exploit allows hackers to spoof two-factor authentication requests by sending a user to a fake login page and then stealing the username, password, and session cookie. KnowBe4 Chief Hacking Officer Kevin Mitnick showed the hack in a public video. By convincing a victim to visit a typo-squatting domain liked ‘LunkedIn.com’ and capturing the login, password, and authentication code, the hacker can pass the credentials to the actual site and capture the session cookie. Once this is done the hacker can login indefinitely. This essentially uses the one time 2FA code as a way to spoof a login and grab data.”