Instagram password reset flaw exposed user emails and phone numbers.
Cyber Security News reported that Instagram fixed a logic bug in its web-based password reset flow after unredacted recovery emails and phone numbers were exposed. The issue reportedly appeared on June 6 and was covered on June 7. The flaw affected the account recovery screen, which should normally show partially masked recovery options. Meta deployed an emergency hotfix and said there was no breach of its systems. The report says even short-term exposure of recovery contact data can increase risks of phishing, SIM-swapping, and targeted account takeover attempts