Comment by gloxkiqcza

10 hours ago

Password reset emails usually contain a token that expires rather quickly so unless I’m missing something, this should be a non-issue.

But you can generate such emails with a public username

  • Yep. And if you also have access to my email, you can already look at it to figure out exactly what services I have an account with.

    If you’ve pwned my email address, you can get my user names, send email reset, etc., etc.

  • Or the email address you have already hacked into. Why bother with the username at that point?