HackerOne: HackerOne supports accounts organization takeover
Description

The HackerOne email change process was found to have a vulnerability: the system automatically verified the new email address as soon as the verification link was opened in any browser, even by email-scanning bots with no human interaction. This allowed an attacker to verify email addresses belonging to a specific company and use them to access other services under the affected company's…
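The behaviour described above, as an added example that is not HackerOne's code or its fix: a toy in-memory model contrasting a link that verifies on any GET with a flow where GET has no side effect and verification needs a POST from the signed-in account that requested the change. The class, method names, account ids and sample address are assumptions made up for illustration.

```python
import secrets

class EmailChangeFlow:
    """Toy in-memory email-change flow; all names here are hypothetical."""

    def __init__(self):
        self.pending = {}    # token -> (account_id, new_email)
        self.verified = {}   # account_id -> verified email

    def request_change(self, account_id, new_email):
        # The token is mailed to new_email; the requester never sees it.
        token = secrets.token_urlsafe(32)
        self.pending[token] = (account_id, new_email)
        return token

    def get_weak(self, token):
        # Weak: merely fetching the link completes verification, so a mail
        # scanner that pre-fetches URLs verifies the address on its own.
        entry = self.pending.pop(token, None)
        if entry is None:
            return False
        self.verified[entry[0]] = entry[1]
        return True

    def get_hardened(self, token):
        # Hardened: GET changes no state, it only renders a confirmation page.
        return "confirm-page" if token in self.pending else "invalid"

    def post_hardened(self, token, session_account_id):
        # Verification needs an explicit POST from the signed-in account that
        # requested the change, i.e. mailbox access and the session together.
        entry = self.pending.get(token)
        if entry is None or entry[0] != session_account_id:
            return False
        del self.pending[token]
        self.verified[entry[0]] = entry[1]
        return True

if __name__ == "__main__":
    addr = "staff@corp.example"          # constructed sample address
    weak, hard = EmailChangeFlow(), EmailChangeFlow()
    weak.get_weak(weak.request_change("acct-1", addr))   # scanner fetch
    token = hard.request_change("acct-1", addr)
    hard.get_hardened(token)                              # scanner fetch
    print("weak verified:", weak.verified)
    print("hardened verified:", hard.verified)
    print("owner POST:", hard.post_hardened(token, "acct-1"))
```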