this data was made available through some other combination of services that exposed it, not Coinbase
That assumes the acknowledgement of whether a given email address is a member or not is not data in itself. That is arguable. For example, I know that in healthcare, merely confirming whether someone is a patient of yours is a violation.
But I agree with the larger point that the original disclosure is overblown.
That assumes the acknowledgement of whether a given email address is a member or not is not data in itself. That is arguable. For example, I know that in healthcare, merely confirming whether someone is a patient of yours is a violation.
But I agree with the larger point that the original disclosure is overblown.