Steps to reproduce:
- Use an ipv6 internet connection
- Navigate to login screen
- Use a valid username with a wrong password
- Click "Sign in"
This in fact an information disclosure vulnerability, since you can search for existing user accounts that way. I asked for an alternative way to submit this issue, but didn't get an answer for about two weeks.