"It’s interesting to note that the API is using “Basic” authentication, which has a number of known security weaknesses, including the inability to perform account lockouts."
There's no rule that basic auth has to be handled by the stateless basic auth built into your web server. You can handle HTTP auth headers with your own dynamic code, do anything you want with it, including anti-hammering or progressive lockouts.
Article title is clickbait, and btw the HN title is different than the actual title.
Nothing specific to Ms. Munn is in the article. Her only mention is in passing, with the phrase "targeted attacks that were performed against celebrities such as Olivia Munn".
"It’s interesting to note that the API is using “Basic” authentication, which has a number of known security weaknesses, including the inability to perform account lockouts."
There's no rule that basic auth has to be handled by the stateless basic auth built into your web server. You can handle HTTP auth headers with your own dynamic code, do anything you want with it, including anti-hammering or progressive lockouts.