Security researcher Arne Swinnen found a flaw in the 2FA voice call systems used by Google, Microsoft, and Facebooks Instagram. The vulnerability is unusual in that it doesnt scam end-users out of money, but instead steals from the companies. With premium-rate 2FA phone calls taking up to 30 seconds each, it is easy to rack up a big bills by chaining dozens of these automated calls to a single premium rate number. All three companies responded with remediation to prevent this kind of scam taking place.”]