This is a huge problem - if I know your email, and can get the error pages, I can find out where you have accounts; sometimes I can even find out the account name with that.
Even worse with phone numbers.
If you want to confirm a user is the same as another user on a different site, and you know their phone number, often part of the recovery process will reveal part of the phone (a text has been sent to *-*-*33, eg).
Even worse with phone numbers.
If you want to confirm a user is the same as another user on a different site, and you know their phone number, often part of the recovery process will reveal part of the phone (a text has been sent to *-*-*33, eg).