And yeah, that is my understanding, too. If an attacker knows that a certain e-mail address has an account associated, they might try to bruteforce the password or send a phishing mail to that e-mail address, which looks like an official mail from Amazon.
I’m guessing, Amazon requires 2FA, which would protect from this to some degree, but still seems unnecessary to hand out information like that.
Hmm, interesting.
And yeah, that is my understanding, too. If an attacker knows that a certain e-mail address has an account associated, they might try to bruteforce the password or send a phishing mail to that e-mail address, which looks like an official mail from Amazon.
I’m guessing, Amazon requires 2FA, which would protect from this to some degree, but still seems unnecessary to hand out information like that.
Amazon allows 2FA, but I’m pretty sure they don’t require it.