diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6469817e..661ca739 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ Mail:
 Control panel:
 * Prevent click-jacking of the management interface by adding HTTP headers.
+* Failed login no longer reveals whether an account exists on the system.
 Setup:
diff --git a/management/daemon.py b/management/daemon.py
index 6de0a59a..04c68a0e 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -49,7 +49,7 @@ def authorized_personnel_only(viewfunc):
 except ValueError as e:
 # Authentication failed.
 privs = []
- error = str(e)
+ error = "Incorrect username or password"
 # Authorized to access an API view?
 if "admin" in privs:
@@ -125,7 +125,7 @@ def me():
 except ValueError as e:
 return json_response({
 "status": "invalid",
- "reason": str(e),
+ "reason": "Incorrect username or password",
 })
 resp = {
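Review bot: The specific failure reason in `e` is now discarded entirely in the `authorized_personnel_only` hunk, and likewise in the `me()` hunk, so an operator investigating repeated failed logins has nothing left server-side to distinguish an unknown account from a bad password; record it before replacing the user-facing text, e.g. `logging.warning("Authentication failed: %s", e)` (add `import logging` at the top of daemon.py if it is not already there), keeping the generic string in the response. The same literal `"Incorrect username or password"` is now duplicated in both hunks; a module-level constant such as `AUTH_FAILURE_MESSAGE = "Incorrect username or password"` would keep the two paths from drifting. Note that a uniform message only closes the oracle in the response body; whether the underlying check takes measurably different time for an unknown user versus a wrong password cannot be seen from this hunk and should be confirmed where the ValueError is raised. Both enclosing functions start before and continue past their hunks.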