Email Verification Bypass using Race Condition

Disclosed by arthbajpai277
  • Engagement: Pinterest
  • Disclosed date: almost 5 years ago
  • Points: 5
  • Priority: P4 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)
Summary by arthbajpai277

We found a vulnerability in their email verification process and were able to bypass it and turn on 2FA (the step after email verification). This vulnerability started as a race condition where the user had to send a bugged request to the server multiple times in a short amount of time to make this work, but later we found that it works by sending it just a single time as well.

Thanks to Wilson sir and Pinterest team

Regards
Arth Bajpai
