Account Takeover in $Million Company?

Hi, I am Godson


The Story of the Account Takeover in Fastmail Company:

What is Fastmail?

Bug: Account Takeover

User Interaction Required: False (maybe True?)

Let's go.

The Flow of the Application:

After entering the email,

Hmm, there is a Skip button. I clicked the Skip button.

Yes, the application allowed me to change my password without any verification!

Look closer at that image!


Mind Voice:

Heckur Mode ON!

User-Agent Replaced!

Wow, it works!

I reported the bug.

Response:

What? Maybe it is not a bug? (Maybe not a secure design, I think?)

Again I replied:

Then the response:


Hi. You said that this is not a bug, but now this bug is fixed. What are you going to say about this activity?


Hmm. I am just broken.

Anyway, share your thoughts in the comment box.

Full PoC:

Let's connect:

Hi, I am Godson | Security Researcher | Backend Dev | CTFer