User accounts on many sites can be hacked even before they are registered. We are talking about attacks during which an account is registered in advance to the mail of a potential victim. If the owner of the box enters, a shrewd intruder can retain access in a variety of ways. The most common is an unfinished session, but there are many options. In some cases, it is possible to bypass mail verification. Of the 75 popular services, 35 were vulnerable to various attacks, including Dropbox and LinkedIn. Large platforms will quickly fix this, and how many small ones remain with vulnerabilities cannot be counted. The Microsoft security team also published (https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/) a detailed article about this type of attack and how to protect against it.