by MassiveOwl 2344 days ago
Be careful with OKCupid. I'd been using it on and off for a while and recently I got a notification saying that my email address on my account had been changed, then 2 minutes later, that my password had. You don't need to confirm anything to change the email on your account! Not even click an email link!

I was panicking

I was still receiving phone notifications despite not being able to log into the app. I could see that messages were being sent and received but couldn't access my account. I believe that others are being scammed using my account.

I quickly changed all other passwords and contacted OKC immediately. It's been a week now with no response. OKC have lost a paying customer for life

3 comments

> You don't need to confirm anything to change the email on your account! Not even click an email link!

Same with Instagram, if you don't have 2FA on. I've had my account taken over and couldn't believe it. Utterly pathetic levels of security.

You mean you can change the email without a password? Why would it be a problem if they require your password but nothing else in order to change your email?
I'm saying it's a problem to change the email without using an email verification link to do so.
What if you're changing email because you no longer have access to your old one?
What legitimate scenario would manifest that situation?

That is by far and away a tiny, minuscule edge case.

You should make sure to chargeback your credit card in that case.
Well, a paying (until you meet someone) customer
In real life. The founders already proved that doesn’t happen on the internet.