A security researcher recently discovered a flaw in the way Instagram handled the validation of password reset codes. This defect means an attacker could request one million password reset codes within a ten-minute window and with 100% success.
My Instagram account was hacked last night (despite my clever password “password”). We apologize, and we thank everyone who brought it to our attention. I’m going back to sleep now.
— Ellen DeGeneres (@EllenDeGeneres) August 23, 2019