Seriously account security risk

I would like to inform you about account security risk. I found that the email can change without email confirmation same as a password change.

On the Profile page if you want to change the password. The system will send a confirmation email to your email but for email change, you can change the email without any confirmation.

If someone can access your Navigraph account that means you may risk hijacking the account and personal information such as payment method!

I thought you need to update the email change process by add send the email confirmation to the old email for person authentication.



Thank you for the report. We’re checking this.