Since Coinbase is a financial-esque firm that deals with and stores peoples money/BTC it is not at all alright for this to be treated as public information, even if someone already had the email address.
I know CB is not a financial company and they are not obligated to provide the same protections to consumers/customers.
Phishing is not the only reason why a customer would not like their bank to confirm that they have an account.
As a matter of fact in this situation, when someone sends a fund request, CB should never let the requesting party know the name of the account holder, unless the account holder explicitly gives them permission, maybe not even then.
With any other organization law enforcement would require a warrant to get basic confirmation if a customer has an account and the name on the account.
I know CB is not a financial company and they are not obligated to provide the same protections to consumers/customers.
Phishing is not the only reason why a customer would not like their bank to confirm that they have an account.
As a matter of fact in this situation, when someone sends a fund request, CB should never let the requesting party know the name of the account holder, unless the account holder explicitly gives them permission, maybe not even then.
With any other organization law enforcement would require a warrant to get basic confirmation if a customer has an account and the name on the account.