Changing mail address -- only new address gets mail?

  • Hi @ all!

    I just noticed that when you change your mail in Opera Link, the verification mail is sent to the new address.
    This is a huge security issue. Imagine someone steals your password and changes it and your mail address: you won't even get any information about it. Furthermore, you cannot get your account back. Meanwhile, the guy is stealing everything you synchronize into the cloud, especially passwords!

    It would be very nice if the verification mail were sent to the old mail address, not the new one.

    Looking forward to a reply!
    Thanks!

  • The message is to verify the email address, so it makes sense that it's sent to the new one.

    Remember that to change your email you need to log in first.

  • Hi,

    thanks for the reply.

    It does make sense to send the mail to the new one, but the problem is still the same.
    If someone stole your password (e.g. MITM, phishing, hack or something similar) and changes your mail address, you are not notified about it and you do not have any chance to get your account back (password changed, email changed, social logins deactivated).

    Meanwhile, all data from Opera Link is forked to another computer out of your control.

    It would be nice if the old mail at least gets a notification about the change. At least that...

  • > It would be nice if the old mail at least gets a notification about the change.

    OK, I can agree with that. However, there will always be issues:

    • Not everyone uses a valid (in terms of being active) email address, so many of the users won't receive the notification message
    • Depending on how and how fast things happen, your data may already be gone by the time you get the notification
    • Depending on how the account was created, it would be difficult to confirm info and prove that you are the real owner
  • > Depending on how and how fast things happen, your data may already be gone by the time you get the notification

    Totally agree with that, but still better than having nothing ;)

    > Not everyone uses a valid (in terms of being active) email address, so many of the users won't receive the notification message

    It would only be a real security improvement if the old mail gets the verification. If someone used a trash mail to register for this service (which is btw pretty stupid, 'cause you save important data here), then this is just bad luck for him/her. An early announcement can be helpful at this point.
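
The flow discussed in this thread, as an added sketch that is not Opera's code and not from any poster: verification goes to the new address and the old address gets a notice. The time-limited revert token in that notice goes beyond what the posters asked for and is an assumption, as are all names, the signing key and the 7-day window.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: server-side signing key
REVERT_WINDOW = 7 * 24 * 3600      # assumption: old address may undo for 7 days

def make_token(purpose, user, email, expires):
    """Sign (purpose, user, email, expiry) so a token fits one action only."""
    msg = f"{purpose}|{user}|{email}|{expires}".encode()
    return f"{expires}." + hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def check_token(token, purpose, user, email, now):
    try:
        expires = int(token.split(".", 1)[0])
    except ValueError:
        return False
    if expires < now:
        return False
    expected = make_token(purpose, user, email, expires)
    return hmac.compare_digest(token.encode(), expected.encode())

class Accounts:
    def __init__(self):
        self.email = {}     # user -> confirmed address
        self.pending = {}   # user -> address awaiting verification
        self.outbox = []    # (recipient, kind, token); stands in for real mail

    def request_change(self, user, new_email, now):
        old = self.email[user]
        self.pending[user] = new_email
        # Verification goes to the new address, as the service already does.
        verify = make_token("verify", user, new_email, now + 3600)
        self.outbox.append((new_email, "verify", verify))
        # Added step: the old address is told and can undo the change.
        revert = make_token("revert", user, old, now + REVERT_WINDOW)
        self.outbox.append((old, "notice", revert))

    def confirm(self, user, token, now):
        new = self.pending.get(user)
        if new is None or not check_token(token, "verify", user, new, now):
            return False
        self.email[user] = new
        del self.pending[user]
        return True

    def revert(self, user, old_email, token, now):
        if not check_token(token, "revert", user, old_email, now):
            return False
        self.pending.pop(user, None)
        self.email[user] = old_email  # a real service would also force a password reset
        return True
```

The notice only helps if the old mailbox is still read, which is the limitation raised in the thread.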
