Our TIN is registered with a corporate email address — which is a distribution list with about 10 members. As a result, the password reset email was delivered to all members of the list.
Unfortunately, none of them could proceed with the password change because the reset link contains a session token embedded in the URL, making it session-specific. This means the link must be accessed within the original session in which it was generated.
The same email was later forwarded to me, but I was also unable to use the link. When I attempted to access it, I was redirected to the login page instead of being allowed to reset the password.
