diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb
index 98b810f8..56ccd6c6 100644
--- a/lib/devise/models/lockable.rb
+++ b/lib/devise/models/lockable.rb
@@ -105,7 +105,11 @@ module Devise
       end
 
       def unauthenticated_message
-        if lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
+        # If set to paranoid mode, do not show the locked message because it
+        # leaks the existence of an account.
+        if Devise.paranoid
+          super
+        elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
           :locked
         else
           super