What's this called?
- Attacker starts to create a user account on some site
- They put someone else's email in
- The victim clicks the link because they are dumb, or because the hacker knows that they're a customer
- The attacker is now authenticated as the victim
This is a very bad security UX. In a secure environment, you don't have access to email in the browser you sign up for random sites in. Link clicked from email is new session, maybe on different device.
I agree - but I've seen two separate teams make the mistake, so I'm wondering if there's a name for it...