2 min read Enumeration Attacks are a type of attack in which the attacker tries to guess or validate a data set with the goal of extracting more information than they had to start out. For example, finding out if a user is a member of the site by trying to log in with millions of email addresses and checking if the page responds differently to an account existing but with a bad password vs not existing in the system.The first step in defending against enumeration attacks is making it infeasible to extract the data they’re after by limiting the number of attempts they can make, and monitoring user activity closely so you know when someone might be trying to break.