diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php
index 637c3db1b..1dd7d3729 100644
--- a/app/Controller/BaseController.php
+++ b/app/Controller/BaseController.php
@@ -153,7 +153,8 @@ abstract class BaseController extends Base
         }
 
         if (! $this->userSession->isAdmin() && $this->userSession->getId() != $user['id']) {
-            throw new AccessForbiddenException();
+            // Always returns a 404 otherwise people might guess which user exist.
+            throw new PageNotFoundException();
         }
 
         return $user;