ZoFreX | 8 years ago
It's a tradeoff between usability and security, and each site should make their own decision about what is right for them.
It obviously makes attacks like the one in the article easier, but there are other ways to mitigate that.
An example often given for when revealing an email is registered would definitely be bad is dating websites and pornography websites - where identifying someone as a member alone could be embarrassing or compromising.
Outside of such scenarios, websites may decide the increased conversion from a more streamlined registration process and lower numbers of support requests for login issues outweigh the marginal security gains from hiding that information.