View Single Post
Old 26 May 2022, 08:43 PM   #2
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,658
Twitter's handling of users' email addresses (perhaps alos phone numbers?) is the exact opposite of "securing their accounts":

Twitter allows a user to enter an email address and set it up to receive notifications without verifying the address. Then that address can be used to reset the account's password. If the address belongs to someone else (such as if it was misspelled, if the email account was closed and the address given to someone else, or if the user specified an arbitrary address so as not to be bothered my email from Twitter and its "partners") then that someone else would receive Twitter's notifications and would be able to reset the password.

I never signed up for a Twitter account, but I twice had to reset some user's password to stop the flow of someone else's Twitter notifications to some of my addresses because Twitter does not provide any other way to tell "do not send to this address", and doesn't bother to verify the address in the first place.
hadaso is offline   Reply With Quote