Phone Numbers Exposed By Inconsistent Password Reset Processes

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Lack of standardization of the password reset procedures of web services can help hackers find the phone number linked to a victim's email address.
Online services have implemented mechanisms to allow users to change the login password in case they lose or want a stronger one. The email address associated with the account is necessary for the procedure.

Where a phone number is available, service providers offer mobile text or voice options to receive a temporary code. This is to verify that the legitimate owner of the account initiated the password reset procedure. Alternatively, users can initiate the procedure by providing a phone number to get an email address. In both cases, only bits of information are revealed.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top