It turns out anyone can change any user's password. It's simple: just go to the forgot password site https://www.myliftmaster.com/Account/ForgotPassword and enter an email address. If that email address happens to be tied to an account, then the system will reset the password and email the user a new password.
The problem here is that any login session you already have is now trashed and you'll have to log in again. Give it a try: if you're logged into the app, just enter your email address into the field and the app will kick you out and you won't be able to get back in until you use the new password.
This is bad on yet another level - sending the user's password in the clear. Any Jane or Joe who sees internet traffic can and will see that password reset email with both your email and new password in plaintext for anyone to see.
With all that said, this is the scary part: someone can not only reset your password and lock you out of your account, but with a little know-how they can also see your new password and have full control of your myQ connected devices.
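A reset flow that avoids the lockout described in the post, as an added example that is not part of the original thread or the vendor's code: the request step only issues a single-use, expiring token and leaves the password and existing sessions untouched until the token is redeemed. The `Accounts` class, its method names and the 15-minute token lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60  # seconds; assumed token lifetime

class Accounts:
    """Constructed in-memory store; every name here is hypothetical."""
    def __init__(self):
        self.password_hash = {}   # email -> salt + PBKDF2 hash
        self.sessions = {}        # email -> set of live session ids
        self.reset_tokens = {}    # email -> (sha256(token), expiry)
        self.outbox = []          # (email, token) stand-in for the mailer

    def _hash_pw(self, password, salt=None):
        salt = salt or secrets.token_bytes(16)
        return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, email, password):
        self.password_hash[email] = self._hash_pw(password)
        self.sessions[email] = set()

    def login(self, email, password):
        stored = self.password_hash.get(email)
        if stored is None or not hmac.compare_digest(stored, self._hash_pw(password, stored[:16])):
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[email].add(sid)
        return sid

    def request_reset(self, email, now=None):
        """Callable by anyone, so it must not alter the account or its sessions."""
        now = time.time() if now is None else now
        if email in self.password_hash:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).digest()
            self.reset_tokens[email] = (digest, now + TOKEN_TTL)  # store only the hash
            self.outbox.append((email, token))  # mail a link token, never a password
        return "If that address has an account, a reset link was sent."

    def confirm_reset(self, email, token, new_password, now=None):
        now = time.time() if now is None else now
        digest, expiry = self.reset_tokens.get(email, (b"", 0))
        supplied = hashlib.sha256(token.encode()).digest()
        if now > expiry or not hmac.compare_digest(digest, supplied):
            return False
        del self.reset_tokens[email]      # single use
        self.password_hash[email] = self._hash_pw(new_password)
        self.sessions[email].clear()      # log out only after a verified change
        return True
```

The response text is the same whether or not the address has an account, so the form does not confirm which addresses are registered.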
-
Brandon - Our MyQ systems will send our password reset emails under a secure connection to the user’s email service provider. Our secure connection is a commonly supported method by most email services. If you have any other questions or would like more information regarding your email service, please feel free to contact us at MyQCommunity@LiftMaster.com.



EMPLOYEE
