|
|
|
|
|
|
by lxchase
3331 days ago
|
|
|
Email enumeration is often determined to be a UX choice rather than a security issue. I've explored this in the past with the idea of doing this to popular sites to build a demo/psychographic profile of an email address. Had a MVP hosted but not working at the moment. I remember sites included FB, Sephora, Home Depot, CafeMom, ESPN. Most have a XHR call to an API that determines if email exists or a message saying "Your password is incorrect". |
|
|
e.g. checking if my customers use competitors