A thought, one way to mitigate such security issues yourself would be to make use of subaddressing (the + sign) in your email address you use for such services, by appending your own random guid, for example, essentially making guessing your exact email address string futile. For example instead of using simply johndoe@example.com you would instead use johndoe+9be28cb9-fd22-4e9f-8144-93f90ab04a1f@example.com when registering. Assuming the service provider isn't using some lame and incorrect email address validation regex.