>It would make the world a better and more secure place if companies took proactive security measures.
I _absolutely_ agree. I just do not think it is possible to require every company to monitor every data breach, check those breaches for emails that are in-use on their service, check the passwords (not always possible), and then require a change if the password matches.
>Plenty of companies (e.g., Tumblr) specifically do this and require email verification + password change if yours was breached.
You're saying that if HackerNews was hacked and my password was leaked, that Tumblr will ingest the breach data, cross-reference if I have a Tumblr account, and then have me change my Tumblr password? Are you sure? Do they have a documented process on how they do this?
Edit: I've spent some time now looking at the Tumblr website and do not see any indication that they do this, but would be happy to be corrected. Or a link to any company that does this, it doesn't need to be Tumblr.
I _absolutely_ agree. I just do not think it is possible to require every company to monitor every data breach, check those breaches for emails that are in-use on their service, check the passwords (not always possible), and then require a change if the password matches.
>Plenty of companies (e.g., Tumblr) specifically do this and require email verification + password change if yours was breached.
You're saying that if HackerNews was hacked and my password was leaked, that Tumblr will ingest the breach data, cross-reference if I have a Tumblr account, and then have me change my Tumblr password? Are you sure? Do they have a documented process on how they do this?
Edit: I've spent some time now looking at the Tumblr website and do not see any indication that they do this, but would be happy to be corrected. Or a link to any company that does this, it doesn't need to be Tumblr.