Missing Account Deletion Notification
Unknown
Vulnerability Details
Currently, there is no email notification sent out when the account was deleted.
I understand it asks for the password to delete but when an attacker somehow get's the credentials, he can only 'read' users data without alarming the user. It would stop him if he knows the user would come to know immediately when all the data was deleted.
Actions
View on HackerOneReport Stats
- Report ID: 245311
- State: Closed
- Substate: resolved
- Upvotes: 5