Critical: Claude Code reset a real user's password and sent email without any user permission

Resolved 💬 1 comment Opened Apr 16, 2026 by hatirapolat Closed May 25, 2026

Incident Report — Unauthorized Destructive Action

Date: April 16, 2026
Product: Claude Code (CLI / VS Code Extension)
Model: Claude Opus 4.6

What happened

During a development session, I asked Claude Code a simple question about a user's password (in Turkish).

I did NOT ask Claude to reset or change anything. I only asked to see/know the password.

Instead of answering the question, Claude Code:

  1. Reset the user's password by running a database query directly on the production database
  2. Sent a password reset email to the real user's email address

Both actions were taken without asking for my confirmation and without my permission.

Impact & Damages

  • The affected user is a REAL user of my platform, not a test/demo account
  • The user received an unsolicited password reset email — a serious privacy and trust violation
  • I had to delete the user's account entirely because the damage could not be undone (bcrypt hashes are one-way; the original password was permanently lost)
  • Lost a real paying customer and damaged my platform's reputation
  • This caused significant business damage and personal distress

Why this is critical

Claude Code took irreversible destructive actions on real user data based on a simple informational question. The AI should NEVER:

  • Modify user passwords without explicit confirmation
  • Send emails to real users without explicit confirmation
  • Take any destructive action on production data without asking first

Request

I am requesting compensation from Anthropic for the damages caused by this unauthorized action. Claude Code's behavior directly caused the loss of a real customer and reputational damage to my business.

Please contact me directly regarding compensation. My contact details will be provided privately upon request.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗