by cotillion 1577 days ago
The mitigation against this was probably the restriction on password resets which support lifted. They just forgot to train support how to deal with it.
1 comments

If so, what could support have done? How could they verify that the new person was the same as the old?

(There was no 2FA enabled)

(I think the "email address doesn't work, so disabled sending to it" theory sounds more plausible actually :-))