.@netflix - WTF, how do you allow a zero-confirmation email address change for an account?
But because of this design, an attacker can completely take over the account (log-in -> email change -> PW reset). This is terrible security design and needs to be fixed immediately.
Hey guys, thanks so much for reaching out with your concerns. We will definitely take this feedback on board. For further context, here are some of our recommendations for account security
http://bit.ly/1pQgMQP *KB
See my follow-up here: https://twitter.com/chandlerc1024/status/1213108431672037377 … Notably where I point out that the first thing to do is stop blaming your users for bad security design. =[ This tweet is actually part of the problem.
, my girlfriend's account was taken over this week with the same steps.