Hacker News new | past | comments | ask | show | jobs | submit login

How did you get the email addresses of all my users, which are used as login name?



From that messed up email from support that leaked them. Or I assumed that you'll have a big cross-section with some other site that leaked.

This is not theory, this is hard-earned experience. Locking-out people is bad, the most that's acceptable is rate limiting to a once every few seconds.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: