[dsl]

You should check out https://www.owasp.org/index.php/Information_Leakage#Accident...

You might increase usability slightly, but in exchange you are allowing attackers to cut the work they need to do to compromise your users accounts in half. If you use email addresses for login, you are also allowing spammers to verify valid email addresses against your system for spam or phishing attacks later on.

[merty]

I'm aware of the fact that this makes attackers' jobs easier. However, many websites (including Codecademy) tells you whether the email address you provided is registered or not, when you visit the Forgot Password page. If you are displaying a message such as: "If the email address you provided is registered, you will receive an email shortly." then I can actually believe that your main concern is security and that's what prevented you from displaying a clearer error message.

Just added this at the end of the post for clarification.