Comment by pamcake

1 day ago

Had a close call:

Apparently it's possible to bypass 2FA and do a password reset of a Google account without email access, if the account owner doesn't abort it within 30 days. I confirmed that it works by "pwning myself" afterwards. So keep an eye on your old Gmail inbox if it matters.

4 comments

pamcake

throwa356262 1 day ago

Never heard of this before, and I think the mail Google sends you specifically says it is safe to ignore it if it didn't come from you.

Has this recently changed?

omnifischer 21 hours ago

Apparently?

i.e -> fake news.

pamcake 20 hours ago

No.
First-hand account.

rand89 1 day ago

what how does this work