moderated Re: Changing email address security issue #misc


 

My opinion: someone not part of the groups.io support team should not be able to change a member's email address, even if that member is only a member of that one group, and even if it's a premium group (unless you have some contractual obligation).

A group owner could be fooled by someone pretending to be the user in question, tricking them into locking out the real user.

There are workarounds.

1. Walk the user through changing their own email, if that works out.
2. Remove the old email from the group, and direct add the new email. (If this was a mistake, it can be easily fixed.) The account with the new email won't be able to do things like delete messages posted by the old email, but someone who can't figure out how to change their own email address probably won't be doing that, anyway.
3. Contact groups.io support. This can also be used for situations like "There are 500 users in my group from abc.com who need to have their domain changed to def.com following a corporate takeover."

Thanks,
JohnF

Join main@beta.groups.io to automatically receive all group messages.