Often, Y has access to X either way, because Y is where the password reset email... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		morsch on Jan 13, 2021 \| parent \| context \| favorite \| on: I stole the data in millions of people’s Google ac... Often, Y has access to X either way, because Y is where the password reset email goes.

jojobas on Jan 13, 2021 [–]

A password reset doesn't go unnoticed. A fake OAuth login very much can. I would be very surprised if no OAuth provider ever did that.

morsch on Jan 13, 2021 | [–]

That's a good point.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact