Hacker News new | past | comments | ask | show | jobs | submit login

They check passwords against other hacks, so if you used the same email-password combination somewhere else that would cause them to reset your account.

https://www.businessinsider.de/spotify-users-password-reset-... "Spotify's security team identified that some of the leaked user credentials might correspond to Spotify accounts"

My email for spotify login is unique, and of the form *+spotify@gmail.com

I assume that’s checked for. For simple SaaS projects compared to Spotify at least, things like that were checked.

more or less everyone analyzing email addresses knows that pattern, so it's easily ignored.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact