Instagram account is reactivated without entering 2FA ($500)

Description:

Suppose I have an Instagram account with 2FA enabled and I deactivate it for any reason, for example choosing to deactivate it rather than delete it so that others cannot view my profile or access its data. An attacker who obtains my credentials can then reactivate the account using only the username and password, without ever being asked for the 2FA code. I noticed that once a 2FA-enabled Instagram account is deactivated, anyone holding its credentials can reactivate it with no 2FA challenge at all. This differs from Facebook, where entering the 2FA code is required for reactivation. The discrepancy is a vulnerability that could affect many users: 2FA is a crucial part of authentication, and an account should not be reactivated, or any other action taken on it, without requiring the 2FA code.
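As an added illustration, not code from this report or from Instagram, the following Python models the two orderings of a login handler described above: a vulnerable version that reactivates a deactivated account on the password alone, and a fixed version that verifies the TOTP second factor before any account state changes. The `Account` model, `totp_code` and the demo credentials are constructed for this example.

```python
import hashlib, hmac, struct
from dataclasses import dataclass
from typing import Optional
@dataclass
class Account:
    username: str
    password_hash: bytes          # plain SHA-256 only to keep the demo short
    totp_secret: Optional[bytes]  # None means 2FA is not enabled
    deactivated: bool = False

def hash_password(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()

def password_ok(acct: Account, password: str) -> bool:
    return hmac.compare_digest(acct.password_hash, hash_password(password))

def totp_code(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step) for a given unix time."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)

def second_factor_ok(acct: Account, code: Optional[str], now: int) -> bool:
    if acct.totp_secret is None:
        return True  # 2FA not enabled on this account
    return code is not None and hmac.compare_digest(code, totp_code(acct.totp_secret, now))

def login_vulnerable(acct: Account, password: str, code: Optional[str], now: int) -> str:
    """The flaw in the report: the reactivation branch runs before the 2FA check."""
    if not password_ok(acct, password):
        return "denied"
    if acct.deactivated:
        acct.deactivated = False  # reactivated on password alone
        return "reactivated"
    if not second_factor_ok(acct, code, now):
        return "2fa_required"
    return "ok"

def login_fixed(acct: Account, password: str, code: Optional[str], now: int) -> str:
    """Hardened order: verify the second factor before any account state changes."""
    if not password_ok(acct, password):
        return "denied"
    if not second_factor_ok(acct, code, now):
        return "2fa_required"  # account stays deactivated
    acct.deactivated = False
    return "ok"
```

Run both handlers against a deactivated account with 2FA enabled and no code supplied: the vulnerable one returns "reactivated", the fixed one returns "2fa_required" and leaves the account deactivated.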

Timeline:

24 June, 2019: Triaged

18 July, 2019: Fixed

20 July, 2019: Bounty awarded $500

Twitter: https://twitter.com/amansmughal

1 Response

  1. Tanio says:

    Hi, I deactivated my account and 2FA doesn’t work for the login. Can you help me?
