by ptyyy 2323 days ago
> Password resets don't end Instagram sessions, so both you and the second person will be able to access the same account at the same time.

Yikes.


> These teenagers are relying on a sophisticated network of trusted Instagram users to post content from multiple different devices, from multiple different locations.

I'm not sure that quite qualifies as a "sophisticated network" but you're right, I would think any service, especially something as big as Instagram, would end all sessions if the password is reset. Could this be by design? Seems like too big to be missed by the security teams though. Does Facebook do the same thing?

From experience I would say that most services do not invalidate access tokens after any account modifications, since you would need to track them. Depending on the service that might not be too trivial, but I would expect services like Instagram to do so. It is becoming more common at least.
Timestamping the tokens and incrementing the timestamp at reset & comparing these timestamps on reset is one way to do it.
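A minimal version of the timestamp scheme described in the comment above, as an added example that is not code from the thread or from Instagram: each session records when it was issued, a password reset records `password_changed_at` on the account, and validation rejects any session issued at or before that reset without having to enumerate live sessions. The class and method names and the in-memory store are assumptions for illustration.

```python
"""Session invalidation on password reset via issue-time comparison (constructed example)."""
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    password_changed_at: float = 0.0  # epoch seconds of the last reset; 0.0 = never reset


@dataclass
class Session:
    username: str
    issued_at: float  # epoch seconds when the token was issued


class SessionStore:
    """In-memory store (assumption); a real deployment would back this with a database or cache."""

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.sessions: dict[str, Session] = {}

    def login(self, username: str, now: float) -> str:
        # Caller is assumed to have verified the password already.
        self.accounts.setdefault(username, Account())
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(username, now)
        return token

    def reset_password(self, username: str, now: float) -> None:
        # Recording the reset time is the only state change needed to
        # revoke every session issued before it, on any device.
        acct = self.accounts.setdefault(username, Account())
        acct.password_changed_at = max(now, acct.password_changed_at)

    def is_valid(self, token: str) -> bool:
        sess = self.sessions.get(token)
        if sess is None:
            return False
        acct = self.accounts[sess.username]
        # Strict comparison: a session issued in the same instant as the
        # reset is treated as stale, erring on the side of re-authentication.
        if sess.issued_at <= acct.password_changed_at:
            del self.sessions[token]  # lazy cleanup of the revoked session
            return False
        return True
```

With coarse clocks or multiple app servers, a per-account monotonically increasing counter stored in each token works the same way and avoids clock-skew edge cases.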
Was the same for Amazon as well since I was able to change my passwords and Kindle devices still worked. (Might still be the same, but haven't checked recently).
I think it's the same on Facebook.
It’s an option, you can choose to log out all devices when you perform a reset.
This is not completely accurate - I recently updated a password on a group account and eventually, I had to log back in on every device. It isn't immediate though - maybe on token expire or something with a delay. It is also a business Instagram account - might make a difference.