Tip of the iceberg?
I can think of many sites that require you to sign in with your email address (err.. including this one) rather than a separate user-name that could easily be tested for uniqueness.
I wonder how many of those are susceptible to this particular attack?