An
article on how unverified email addresses were used to login to sites. "could register a victim's email address with an identity provider and a chosen website, then click the social network sign-in button to gain access, all without ever clicking an email verification link."
