Is it possible to get hacked with an authenticator?
There can also be false negatives and false positives in biometric recognition. Also, faces can sometimes be similar enough to fool facial recognition systems. Only the most determined and resourceful hacker will be able to find answers to these questions. Despite all of the above, the biggest vulnerability to being hacked is still the human factor.
Successful hackers have a bewildering array of psychological tricks in their arsenal. The best way to protect yourself from hackers is to develop a healthy amount of scepticism. If you carefully check websites and links before clicking through and also use 2FA, the chances of being hacked become vanishingly small. The bottom line is that 2FA is effective at keeping your accounts safe. However, try to avoid the less secure SMS method when given the option.
Think of Muraena as the clever bank robber, and NecroBrowser as the getaway driver. Muraena intercepts traffic between the user and the target website, acting as a proxy between the victim and a legitimate website. Once Muraena has the victim on a phony site that looks like a real login page, users will be asked to enter their login credentials and 2FA code as usual.
A demonstration of the attack was also released on GitHub, an open source coding site, to provide developers an opportunity to see how it works. Despite this hack, 2FA is still considered a best security practice—far better than the alternative of simply relying on a username and strong password, according to security experts.
Mitnick told CNBC he found out about the vulnerability when it was posted online for anyone to find. "So any year-old could download the tool and actually carry out these attacks," he said. According to Mitnick, the attack begins when a cybercriminal sends an email that looks real, and asks the receiver to click on a link.
Once the user clicks on the link, they are directed to log into the real website, including entering the code sent to their cellphone. Secretly, however, the login went through the hacker's server and they were able to get the session cookie, the expert explained.
Mitnick showed CNBC that he was able to enter that code into his browser. The email he clicked on looked like a real LinkedIn connection request — but actually came from a fake domain, lnked. He said most people may not realize the difference. "It's the actual user… It's a security flaw with the human," Mitnick said. In a statement, Mary-Katharine Juric, a LinkedIn spokesperson, told CNBC that the professional network took Mitnick's demonstration "very seriously," and that LinkedIn has "a number of technical measures in place to protect our members from fraudulent activity including phishing scams."