|
|
|
|
|
|
by maxheadroom
2336 days ago
|
|
|
>Not sure what the angle is? Maybe a new version of the directory harvest attack[0]? For example, if someone has an email address (or list of email addresses) from somewhere else, one can easily tell if you (or they) have a Facebook account by simply requesting a password reset against it (them). If there's no throttling on password reset requests, one could process a large list rather quickly. [0] - https://docs.microsoft.com/en-us/exchange/recipient-filterin... |
|
|