I stumbled back upon this website after last using it in 2013, really liked the upgrade you guys gave it.
Now, the first thing I did was reset my password, but I couldn’t help but notice that when I entered my e-mail address I got the message: “We found your email”, so I tried a fake email, and got the message: “No account matches [email protected]”, this is a potential risk to the website as it is very easy for me to simply run a database of e-mail addresses / usernames on this screen and simply see who is using this website and who isn’t and target them directly.
I would advise you to change the 2 different messages to 1 generic message along the lines of:
“If there was an account associated with , you will receive an email within the next 24 hours.”
I do hope this will be taken into consideration.