Currently, the system provides different error messages on the login page depending on the scenario:
For a non-existent email, the error says, "Member Not Found."
For a valid email with incorrect credentials, it says, "Member not found with given credentials."
From a security perspective, this creates an opportunity for attackers to use the platform to identify which email addresses are registered users. An attacker could script an attack to test a list of email addresses and determine which ones are valid in your system, making those emails potential targets.
A best practice in such cases is to use a generic error message regardless of the scenario. For example, always responding with something like "Invalid username and/or password" ensures that no information about account existence is revealed. This approach enhances the security posture of the platform and is very easy to implement, just a quick text change.