Replies: 0
So I log into a site as “admin” and I’m shown a screen saying “this is the admin email address we have, blah, blah blah”.
Presumably someone feels that if a hacker has changed the email address I’ll recognize a problem and fix it.
But are hackers really stupid enough to change email addresses and NOT change passwords?
Has anyone benefited from this verification process? Is there any hard data on success stories?
I’d accept a 1% success rate as justification but I have a hard time believing someone would steal an admin account and not change the password.