My guess is they fixed whatever weakness in their rate limiting allowed an attacker to automate requesting millions of password reset emails. The fix could be as simple as adding a new CAPTCHA to the password reset flow.
My guess is they fixed whatever weakness in their rate limiting allowed an attacker to automate requesting millions of password reset emails. The fix could be as simple as adding a new CAPTCHA to the password reset flow.