
Oh I see - you mean they have read access, then trigger password reset, then use the token straight away? That does mean they'd be firing off emails which would alert users though.


It would. They didn't do it probably because they didn't try this trick. But they could, I think.



