This generally goes against security best practices as it can be used for attempted user enumeration. A better version would be “we’ll send you an email with your account status if this user exists” but obviously that results in a fair amount more complexity (and cost) to implement
This generally goes against security best practices as it can be used for attempted user enumeration. A better version would be “we’ll send you an email with your account status if this user exists” but obviously that results in a fair amount more complexity (and cost) to implement