• Ephera
    link
    fedilink
    arrow-up
    4
    ·
    7 months ago

    Hmm, interesting.

    And yeah, that is my understanding, too. If an attacker knows that a certain e-mail address has an account associated, they might try to bruteforce the password or send a phishing mail to that e-mail address, which looks like an official mail from Amazon.

    I’m guessing, Amazon requires 2FA, which would protect from this to some degree, but still seems unnecessary to hand out information like that.