Comment by ivan_gammel

10 hours ago

If mailboxes of some people were breached, those reset emails can be used to steal their Instagram accounts. So it can be some other breach being exploited, rather than a vulnerability in Instagram account itself.

Password reset emails usually contain a token that expires rather quickly so unless I’m missing something, this should be a non-issue.

  • But you can generate such emails with a public username

    • Yep. And if you also have access to my email, you can already look at it to figure out exactly what services I have an account with.

      If you’ve pwned my email address, you can get my user names, send email reset, etc., etc.

    • Or the email address you have already hacked into. Why bother with the username at that point?