Hey Discord, care to explain why you can't into Information Security 101: Basics?
I'm quite amazed that in 2021 (and 2022 in the near future) there still exists a social platform that allows changing an email address without any validation and/or verification from the original email address.
Just look at this email:
Hi %USERNAME%,
Your Discord account email address has been successfully changed. It's kinda like moving to a new address without all the couch lifting and back pain!
If this wasn't done by you, please contact dis.gd/contact immediately so we can investigate further.
Best,
Discord Team
Where is the default "please follow this link if you want to confirm the email address change" part? If you think that the OWASP Top 10 is not for you, you're mistaken.
If I'd belonged to the security company that tests your service, I would've labeled it as either High Risk (at the very least) or Critical Risk (with sufficient explanations).
-
I'm on a spare account because I was hacked on Saturday and they immediately changed the email address.
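The confirmation step the post says is missing, sketched as an added example (not Discord's code and not part of the original post): the change stays pending until a single-use, expiring token mailed to the current address is presented. The `Account` class, the `outbox` list standing in for a mailer, the 15-minute lifetime and the `example.invalid` URL are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a confirmation link stays valid (assumed policy)


class Account:
    def __init__(self, email):
        self.email = email
        self.pending = None  # (new_email, sha256(token), expires_at)


def request_email_change(account, new_email, outbox, now=None):
    """Stage the change and mail a confirmation link to the CURRENT address."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Store only a hash, so a leaked database row cannot be replayed as a link.
    digest = hashlib.sha256(token.encode()).digest()
    account.pending = (new_email, digest, now + TOKEN_TTL)
    # The link goes to the old mailbox: whoever holds only the logged-in
    # session, but not that mailbox, cannot complete the change.
    link = f"https://example.invalid/confirm?token={token}"
    outbox.append((account.email, f"Confirm email change to {new_email}: {link}"))


def confirm_email_change(account, token, now=None):
    """Apply the staged change only for a valid, unexpired, unused token."""
    now = time.time() if now is None else now
    if account.pending is None:
        return False
    new_email, digest, expires_at = account.pending
    if now > expires_at:
        account.pending = None  # expired requests are discarded
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, digest):
        return False
    account.email, account.pending = new_email, None  # token is single use
    return True
```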