Hacker News new | ask | show | jobs
by paxys 154 days ago
Am I missing something? The source they shared is a screenshot of a password reset email, which anyone can trigger if they have the email address of the account.
2 comments
zwog 154 days ago
You don't even need the email address. The account name is enough to start the password request.
link
salgorithm 154 days ago
I have a masked email* for Instagram and have received two password reset requests in the last five days. Obviously, this is just an anecdote.

* https://support.1password.com/fastmail/

link
netsharc 154 days ago
So what if you have masked emails...

Whoever it is, they just entered your Instagram username in the "To recover your password, enter your username, and we'll email you a reset link" field...

link