LASER_oneXM

Level 35
Verified
Lack of standardization of the password reset procedures of web services can help hackers find the phone number linked to a victim's email address.
Online services have implemented mechanisms to allow users to change the login password in case they lose or want a stronger one. The email address associated with the account is necessary for the procedure.

Where a phone number is available, service providers offer mobile text or voice options to receive a temporary code. This is to verify that the legitimate owner of the account initiated the password reset procedure. Alternatively, users can initiate the procedure by providing a phone number to get an email address. In both cases, only bits of information are revealed.