When you attempt to log in on a website and it confirms that the email IS registered. I’ve heard that sites SHOULDN’T do that because it’s a security risk. How? How does knowing that X email is registered present a security risk? Is it due to the potential for credential stuffing / reuse attacks on that site or just user profile (I know Adam has an account at X)? #security #credentialreuse #credentialstuffing
Boots yanks loyalty card payouts after 150K accounts get stuffed - The UK pharmacy chain says it wasn't hacked, its systems are fine. It's all the password reusers m... more: https://nakedsecurity.sophos.com/2020/03/06/boots-yanks-loyalty-card-payouts-after-150k-accounts-get-stuffed/ #2-factorauthentication #breachedcredentials #credentialstuffing #passwordstuffing #securitythreats #credentialreuse #passwordmanager #advantagecard #passwordreuse #loyaltycards #breach #boots #2fa