Logic issue in email change process

A security researcher discovered that during the email change process, the new account was not properly validated before making it available for login. As a result of this report, Legal Robot checks that both the current address confirms the change and the new address is verified before proceeding. Also, sign in attempts using the new email address are blocked until the new email is verified.