When you login, if you make a mistake in either username OR password, then the site indicates which field - username and/or password is wrong.

Therefore, someone hacking into the site can try usenames until they don't get an error message. They now know they have a valid use name and can start on the password.

It has been generally accepted best security practice for a decade not to report which field is wrong.

A user used this security breach to confirm that a relative had an account on here by entering email address they knew the relative used, until they didn't get an error message.

So, xhamster, isn't it about time you updated the logon to meet current best practices for logon process. Two stage logon, don't indicate which item is wrong. Don't invoke recapcha.