industry2026-05-236 min read

"Is this email registered?" — how your signup endpoint leaks PII to phishing bots

Name: thMenu
Rating: 4.9 (127 reviews)
Author: thMenu

Attackers use the signup endpoint as an email-enumeration oracle: 409 vs 200 distinguishes registered from new emails, leaking the affiliate user list to phishing bots. thMenu's PR #560 SS F6 fix: uniform 202 response + 150-250ms randomized timing equalizer.

thMenu Team

thmenu.com

Found this helpful? Share it.

X / Twitter LinkedIn

✦📈

industry

Why Digital Menus Increase Restaurant Revenue by Up to 30%

Studies show restaurants using digital QR menus see measurable increases in aver…

✦🔻

industry

When a Customer Downgrades, What Happens to Old Features? — The Silent Feature-Drift Problem in SaaS

Most SaaS apps run a single line of code when a customer downgrades — but old fe…

✦🛡️

industry

JWT alg-confusion attack — why Supabase's HS256 → RS256/JWKS migration breaks legacy verifiers

Verifiers that never decode the JWT header are wide open to `alg=none` and alg-c…

"Is this email registered?" — how your signup endpoint leaks PII to phishing bots

Related articles

Why Digital Menus Increase Restaurant Revenue by Up to 30%

When a Customer Downgrades, What Happens to Old Features? — The Silent Feature-Drift Problem in SaaS

JWT alg-confusion attack — why Supabase's HS256 → RS256/JWKS migration breaks legacy verifiers