>>107046824
He decided to use hashed email as an account ID, that way you can use multiple OAuths to log in to the same account. If that's really what he did, could that be a vulnerability if any of those services don't require email validation, or at least let you OAuth with your email in an unvalidated state? Someone could make an account on a service you don't have with your email and take over your account.
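The concern raised in the post above, as an added example that is not part of the original post or the site's own code: a login keyed only on the hashed email next to one that identifies users by issuer and subject and links by email only when the provider asserts the address is verified. The store layout, function names, and sample claims are assumptions made for illustration.

```python
import hashlib

# Hypothetical in-memory stores standing in for the site's database.
accounts_by_email = {}  # sha256(email) -> account id
identities = {}         # (iss, sub) -> account id


def email_key(email):
    """Hashed, normalized email, used as the account ID as the post describes."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def naive_login(claims):
    """Design under discussion: the hashed email alone selects the account."""
    key = email_key(claims["email"])
    return accounts_by_email.setdefault(key, "acct-" + key[:8])


def hardened_login(claims):
    """Identify by (iss, sub); link by email only if the provider marks it verified."""
    ident = (claims["iss"], claims["sub"])
    if ident in identities:
        return identities[ident]
    # email_verified is the standard OpenID Connect claim; it is only as
    # trustworthy as the provider, so the site should allow-list issuers too.
    if claims.get("email_verified") is not True:
        raise PermissionError("provider did not verify this email; not linking")
    account = naive_login(claims)
    identities[ident] = account
    return account


# Constructed sample ID-token claims; issuers and subjects are made up.
OWNER = {"iss": "https://idp-a.example", "sub": "1001",
         "email": "user@example.com", "email_verified": True}
OTHER = {"iss": "https://idp-b.example", "sub": "9999",
         "email": "User@Example.com", "email_verified": False}

if __name__ == "__main__":
    print(naive_login(OWNER) == naive_login(OTHER))  # same account either way
    print(hardened_login(OWNER))
    try:
        hardened_login(OTHER)
    except PermissionError as exc:
        print("rejected:", exc)
```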