

EA forces password reset but tokens don't expire after use. - wwarneck

In response to the LulzSec password leak, EA forces a password reset for everyone. However, the token doesn't expire after it is used.<p>A screenshot of the email with the token removed of course. http://min.us/mvfYihP<p>Sweet.<p>edit: updated title to reflect that they may expire after a certain time, but not after use. This also raises the question, what happens if they expire but you don't use the link before the token time expires?
======
ctide
Yeah, I ran into the same thing. There was no way to force it to no longer be
valid, even creating a new forgot PW request left the old link active.

