Something Very Weird With Delicious

I forgot my password so I went to the reset password function. It showed me the email address that I had used to sign up to with and an option to change that address. I changed it to something else without needing to enter a password or anything. I got confirmation of the change sent to both addresses. Then, I went back to the reset password page and clicked the link for to send me a password reset link. It happily sent it to the new email address that I'd entered.

So what's to stop anyone from going to, changing the email address to my account and then getting access to change my password? WTF? Tell me what I'm missing here?


Other posts tagged as del-icio-us, personal, security, technology

Earlier Posts