A7:2021 | Password Reset (3) | Cycubix Docs
As stated before, during a password reset you will often find a different message depending on whether an e-mail address exists or not. By itself this might not look like a big deal, but it can give an attacker information which can be used in a phishing attack. If the attacker knows you have a registered account at a site, the attacker can, for example, create a phishing mail and send it to the user. The user might be more tempted to click the e-mail because the user has a valid account at the website. On the other hand, for some websites this is not really important, but users of some websites would like more privacy.
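An added example (not from the original page) of the behaviour described above: a reset handler whose response depends on whether the address is registered, next to one that answers the same way in both cases, plus a check that compares the two responses. The addresses, messages and function names are assumptions made for illustration.

```python
"""Added example: password-reset responses that do and do not reveal account existence."""
from dataclasses import dataclass, field
import secrets

# Constructed sample data; addresses and messages are illustrative assumptions.
REGISTERED = {"alice@example.com", "bob@example.com"}
GENERIC_MSG = "If an account exists for this address, a reset link has been sent."


@dataclass
class Outbox:
    """Stands in for a mail queue so the example runs offline."""
    sent: list = field(default_factory=list)

    def queue_reset(self, email: str) -> None:
        self.sent.append((email, secrets.token_urlsafe(32)))


def reset_leaky(email: str, outbox: Outbox) -> tuple[int, str]:
    """Different status and text per case: the response is an existence oracle."""
    if email.lower() not in REGISTERED:
        return 404, "No account found with that e-mail address."
    outbox.queue_reset(email.lower())
    return 200, "A reset link has been sent to your e-mail address."


def reset_uniform(email: str, outbox: Outbox) -> tuple[int, str]:
    """Same status and text in both cases; only the mailbox owner learns more."""
    if email.lower() in REGISTERED:
        outbox.queue_reset(email.lower())
    return 200, GENERIC_MSG


def reveals_existence(handler, known: str, unknown: str) -> bool:
    """Regression check: True if the two responses can be told apart."""
    return handler(known, Outbox()) != handler(unknown, Outbox())


if __name__ == "__main__":
    for h in (reset_leaky, reset_uniform):
        print(h.__name__, "reveals existence:",
              reveals_existence(h, "alice@example.com", "nobody@example.com"))
```

The check compares status and body only; response time can also differ when the mail is sent inline, so the send is best handed to a queue.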
The screenshots below are taken from a real website: