Researcher Arne Swinnen found an ingenious way to make money from the likes of Google, Microsoft and Instagram getting their two-factor authentication registration schemes to call a premium rate phone number. Despite the fact that it was clear that no customer data was being put at risk through the technique, the researcher was awarded $2000 and $500 by Instagrams respective bug bounties. This allowed a dedicated attacker to steal thousands of EUR/USD/GBP/ Microsoft was exceptionally vulnerable to mass exploitation by supporting virtually unlimited concurrent calls”]
Source: https://grahamcluley.com/steal-money-instagram-microsoft-google-help-premium-rate-phone-number/

