Inflection: Unsubscribe Any User

2017-10-21T13:41:36
ID H1:281472
Type hackerone
Reporter hk755a
Modified 2017-11-29T01:15:14

Description

Researcher reported that HubSpot's "unsubscribe" feature allows any user to unsubscribe from marketing emails without having to confirm their email address. Inflection does not consider this a vulnerability, as we want to make it as easy as possible for users to stop receiving marketing emails that they don't wish to receive. This has no security impact on users' accounts, and they can always resubscribe to marketing emails if they wish.