Comment by ivan_gammel

Comment by ivan_gammel 9 hours ago

7 replies

View on Hacker News

If mailboxes of some people were breached, those reset emails can be used to steal their Instagram accounts. So it can be some other breach being exploited, rather than a vulnerability in Instagram account itself.

thunderbong 9 hours ago

If my mailbox is breached, Instagram will be the least of my worries.

Reply View 0 replies
gloxkiqcza 9 hours ago

Password reset emails usually contain a token that expires rather quickly so unless I’m missing something, this should be a non-issue.

Reply View 3 replies
  • Fire-Dragon-DoL 8 hours ago

    But you can generate such emails with a public username

    Reply View 2 replies
    • SkyPuncher 7 hours ago

      Yep. And if you also have access to my email, you can already look at it to figure out exactly what services I have an account with.

      If you’ve pawned my email address, you can get my user names, send email reset, etc, etc.

      Reply View 0 replies
    • ipaddr 7 hours ago

      Or the email address you have already hacked into. Why both with the username at that point.

      Reply View 0 replies
faust201 8 hours ago

And that would also apply to everything. What else? Banks.

Reply View 0 replies
stackghost 8 hours ago

It wouldn't be reported as an Instagram breach, in that case.

Reply View 0 replies