techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

Administered by:

Server stats:

5.3K
active users

#credentialreuse

0 posts0 participants0 posts today

When you attempt to login on a website and it confirms that the email IS registered. I’ve heard that sites SHOULDN’T do that because it’s a security risk. How? How does knowing that X email is registered present a security risk? Is it due to the potential for credential stuffing / reuse attacks on that site or just user profile (I know Adam has an account at X)?