So, he only has access to a partial version of the database that apparently does not contain user email addresses?! How convenient.
Yet they can somehow check if the username/email exists in the database. 
Quote
2. Username (request will be ignored if the username does not exist)
Quote
3. Email address (request will be ignored if the email does not match)