Threat actors may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help Threat actors determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts).
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.