varenc 8 hours ago

My guess is they fixed whatever weakness in their rate limiting allowed an attacker to automate requesting millions of password reset emails. The fix could be as simple as adding a new CAPTCHA to the password reset flow.

Reply View 0 replies
fma 6 hours ago

Yep I got 2 on Jan 9th. he e-mails come from security@mail.instagram.com

I also get a bunch of these e-mails from them every few weeks:

Sorry to hear you’re having trouble logging into Instagram. We got a message that you forgot your password. If this was you, you can get right back into your account or reset your password now.

So, I guess you can actually message them, pretend to another user to rese password? I don't follow many people or have many followers. I can't imagine the attempts on other higher valued accounts...

Reply View 0 replies
Ekaros 8 hours ago

I get those for account I never registered or confirmed email for. I just keep reporting them as phishing they are...

Reply View 0 replies
staindk 8 hours ago

Same, it's very weird. Only ever IG.

Got one a day or two ago again actually.

Reply View 1 reply
d1sxeyes 6 hours ago

I mean, if they knew who was requesting the password reset, then you wouldn’t need to reset the password, just accept whatever auth mechanism allows them to know who is resetting the password.

Reply View 0 replies
flir 9 hours ago

I honestly thought it was a "hey, we're still here, you should log in" dark pattern. (My account's been unused for years).

Reply View 0 replies
ares623 4 hours ago

I’m 100% convinced they send those out purposefully to encourage users to log back in.

Reply View 0 replies