Most companies working on the exposed credentials issue are competing to offer real-time notifications to end customers, so reactive alerts are now a commodity feature in this field.


The @staysafebot bot is a clear example of this: it will send you a tweet if your email account has been exposed (even if the bot does not know you at all, so no provisioning is needed).


But what about proactive remediation? Some web browsers now warn users about entering credentials on non-SSL websites, so what if we could identify which technologies are present on an unsecured website and either prompt the user to change the password before it is leaked or even warn the user against registering?


Technology to do this is already out there:


1) https://wappalyzer.com/ is the most accurate web technology detection tool.

2) The http://www.cvedetails.com/ CVE database is one of the most widely used vulnerability databases.


So this could be, in my opinion, a nice step toward proactive remediation of the exposed credentials issue.
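
The check proposed above, sketched as an added example (not code from the original post, and not the Wappalyzer or CVE Details API): fingerprint the page, compare detected versions against a vulnerability list, and decide what to tell the user before credentials are entered. The header-based fingerprinting, the product names, the advisory entries and the warning levels are all constructed assumptions.

```javascript
// Constructed advisory list: product names, versions and ids are placeholders.
const ADVISORIES = [
  { product: "examplecms", fixedIn: "4.2.1", id: "CVE-PLACEHOLDER-0001" },
  { product: "exampleserver", fixedIn: "2.0.0", id: "CVE-PLACEHOLDER-0002" },
];

// Numeric compare of dotted versions: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Simplified stand-in for technology detection: reads "Name/1.2.3" or "Name 1.2.3"
// from the Server / X-Powered-By headers (keys lower-cased) and the generator meta tag.
function detectTechnologies(headers, html) {
  const found = [];
  const sources = [headers["server"], headers["x-powered-by"]];
  const meta = /<meta\s+name=["']generator["']\s+content=["']([^"']+)["']/i.exec(html || "");
  if (meta) sources.push(meta[1]);
  for (const s of sources) {
    const m = /^([A-Za-z][\w-]*)[\/ ]v?(\d+(?:\.\d+)*)/.exec(s || "");
    if (m) found.push({ product: m[1].toLowerCase(), version: m[2] });
  }
  return found;
}

// Decide what to tell the user before credentials are typed into the page.
// Levels are an assumption: one finding warns, two or more advise against registering.
function assessLoginRisk(url, headers, html, advisories = ADVISORIES) {
  const reasons = [];
  if (new URL(url).protocol !== "https:") reasons.push("page is not served over HTTPS");
  for (const tech of detectTechnologies(headers, html)) {
    for (const adv of advisories) {
      if (adv.product === tech.product && compareVersions(tech.version, adv.fixedIn) < 0) {
        reasons.push(`${tech.product} ${tech.version} is older than ${adv.fixedIn} (${adv.id})`);
      }
    }
  }
  const level = reasons.length === 0 ? "ok"
    : reasons.length === 1 ? "warn" : "advise-against-registering";
  return { level, reasons };
}
```

Many sites suppress version banners, so an "ok" result only means nothing was detected, not that the site is safe.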