diff --git a/html/user/lookup_account.php b/html/user/lookup_account.php
index b9a0901ff5..fb08e5accc 100644
--- a/html/user/lookup_account.php
+++ b/html/user/lookup_account.php
@@ -18,7 +18,7 @@ $user = lookup_user_email_addr($email_addr);
 
 // if no password set, make it the account key
 //
-if (!strlen($user->passwd_hash)) {
+if ($user && !strlen($user->passwd_hash)) {
     $user->passwd_hash = md5($user->authenticator.$user->email_addr);
     mysql_query("update user set passwd_hash='$user->passwd_hash' where id=$user->id");
 }