Specific messages for wrong password or wrong mail – which is the correct practice?

I built two different error messages in login flow. One for when users err the mail and another when users err password.

The developer whom I'm working with suggests to let just one message to avoid hacking attempts.

The question: Is it this important? My intention is to avoid frustration and be clear about the potential problem.

Note: The app is for parents picking up kids at school, so privacy and security are relevant things.

I'm not completely sure that this question is about user experience, although it might affect it tangentially.