Y
Hacker News
new
|
ask
|
show
|
jobs
by
jrochkind1
4462 days ago
If their policy is that support staff should
never
be able to change an accounts email address... why does the system let them do it?
1 comments
IgorPartola
4461 days ago
At some point someone has direct DB access and can do this. Sure, normal support people don't but this just makes the social engineering aspect a bit more complex, not impossible.
link