
But the security hole is not that you can access someone else’s email messages... it’s that you can do ‘I forgot my password’ flow for accounts associated with an email address that was previously owned by someone else!


That's a major hole in web authentication...not Yahoo!'s mail service.


It's both. Yahoo! used to maintain a policy against address reuse for exactly this reason.



