Comment by jedberg
2 hours ago
Security 101 when changing the email of an account for any reason: email the old account and let it know the change happened.
The weird thing is I know the Instagram security team, and they are top notch. I have a feeling this was vibe coded by someone outside of security and security wasn't looped in.
Someone high up said something along the lines that they want to see some progress and someone down below looking for a promotion pushed this. This has always been happening, but I think before it was more difficult to justify something like this as one would have needed to show the results of an algorithm; now it's easier to convince someone higher up that AI will solve it, no worries.
The fact that this can happen at all without the security team's knowledge is telling.
Probably not as telling as you think it is.
The security team at any organization is always considered an enemy to product and innovation. It wouldn't be surprising if management made it impossible for them to put in place the monitoring necessary to know this was happening. Especially at somewhere whose motto is "move fast and break things".
Important tech people on HN seem to be surrounded by technical excellence while the user data leaks and other sociological externalities happen to trail all the nearby paths.