Researchers are able to compromise many popular social media sites by hacking the SS7 network, intercepting an OTP, resetting passwords and taking ownership of accounts
Researchers have exploited a flaw in the SS7 protocol to intercept one-time passcodes (OTPs) used by many online services to reset passwords. Facebook, WhatsApp, Telegram, Twitter and many other online services offer password resets via SMS message, but instead of strengthening security, this ability actually introduces a vulnerability that hackers can, and will, exploit.
The fact that the SS7 network has security flaws is indisputable, as many researchers have proven. The issue is that the telecoms industry, as a whole, appears to be turning a blind eye. Rather than fixing the underlying vulnerability, many services are being encouraged to add a layer of protection built on this flawed global telecommunications network.
Hackers can exploit the SS7 vulnerability to spoof a mobile phone on the network; the spoofed phone then receives the OTP SMS.