diff --git a/src/pentesting-web/account-takeover.md b/src/pentesting-web/account-takeover.md index fe48525c6..0edc45a18 100644 --- a/src/pentesting-web/account-takeover.md +++ b/src/pentesting-web/account-takeover.md @@ -111,6 +111,12 @@ From [this report](https://dynnyd20.medium.com/one-click-account-take-over-e5009 This also happened in [**this report**](https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea). + +### Bypass email verification for Account Takeover +- Attacker logins with attacker@test.com and verifies email upon signup. +- Attacker changes verified email to victim@test.com (no secondary verification on email change) +- Now the website allows victim@test.com to login and we have bypassed email verification of victim user. + ### Old Cookies As explained [**in this post**](https://medium.com/@niraj1mahajan/uncovering-the-hidden-vulnerability-how-i-found-an-authentication-bypass-on-shopifys-exchange-cc2729ea31a9), it was possible to login into an account, save the cookies as an authenticated user, logout, and then login again.\
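Review bot: the third added bullet ("Now the website allows victim@test.com to login and we have bypassed email verification of victim user.") states the result without saying why it follows. The step that matters is that the verified status set in the first bullet is kept after the change in the second, so please say that explicitly, and say what state the account is in afterwards, since at that point it is still the attacker's own account carrying the victim's address. The neighbouring sections in this file each link a report or post, while this one has no reference, so a source would help readers check the scenario. It would also be worth one line on the fix implied by the second bullet: require verification of the new address before it replaces the verified one. Wording: "Attacker logins with" should be "Attacker logs in with", the bullets switch from "Attacker" to "we" in the last item, and only the first and third bullets end with a period.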