@hunterhacker @dplattsf @pjohanneson @thomasfuchs (Because I'll note, while I'm pretty sure this is no longer a valid security question in most contexts, that would be information enough to go from "I know this unrelated person's password and username" to "I don't need to know this other person's password, because I know their username, and I can try to reset it instead of breaking it.".
Or they can do that with your birthday, etc.)
@hunterhacker @dplattsf @pjohanneson @thomasfuchs Which is a long way of saying;
TL:DR; don't over share your information with strangers, and enable MFA already on anything you can't afford to lose.