Name & Phone # Leaked when Email is known
If a person enters a known, valid email address on the first event registration page, the 2nd page is pre-populated with the first name, last name, and phone number matching the email address.
Someone familiar with email address of people in the organization (or someone guessing or brute forcing) can obtain the person's phone number or full name in an unauthorized manner doing this.
Details are presented in the comment.
-
Darvell, the information is populated only in case the field access is set to Anybody in member's privacy settings. In other words, if you know the email address
you could find the same information on Members directory page, it is visible and searchable there, for example.
You can change the privacy access of these fields for all members to 'Members only' by default and they will not be pre-populated on the registration form.