Comment by varenc

13 hours ago

My guess is they fixed whatever weakness in their rate limiting allowed an attacker to automate requesting millions of password reset emails. The fix could be as simple as adding a new CAPTCHA to the password reset flow.

0 comments