Hi @Van Eycken Steven , this is expected behavior! Do you ever get emails with OTPs that you didn't request, and they say to ignore them if you didn't request them? It's the same concept here. That way bad actors can't determine if a certain user exists in the system. Please let me know if you have any questions!
If this answer helped you please mark it as "Verified" so other users can reference it.
Thank you,
James