Verizon webmail portal exposed multiple vulnerabilities of varying severities. The most serious of those vulnerabilities would have allowed an attacker to intercept incoming emails from any users inbox without interaction. Verizon exposes an API with which an attacker (or anyone) could lookup this internal ID. The userID value in the original request is not actually the target user’s email address, but rather a seemingly internal ID to Verizon. In order to test this, I decided to perform the same request while substituting the ID of another user (from whom I had permission)”]
Source: https://randywestergren.com/critical-vulnerability-compromising-verizon-email-accounts/