Most companies related to the exposed credentials issue are competing to offer real-time notifications to end customers, so reactive alerts are now a commodity feature on this field.
The @staysafebot bot is a clear example of this: it is going to send you a tweet if your email account has been exposed (even if the bot does not know you at all, so no provision needed).
But, what about proactive remediation? Some web browsers are now warning users about introducing credentials on non-ssl websites, so what if we can know which technologies are present on a unsecured website and prevent the user to either change the password before being leaked or even warn the user about no registering?
Technology to do this is already out there:
1) https://wappalyzer.com/ is the most accurate web technology detection.
2) http://www.cvedetails.com/ CVE database is one of the most used vulnerabilities database.
So this could be, in my opinion, a nice step on proactive remediation about the exposed credentials issue.
I made a bot (an automated piece of software) that searches Twitter using their API for common e-mail addresses such as @gmail.com and @hotmail.com. I then check this e-mail address against the Have I Been Pwned database and if you appear on this database, the @staysafebot will notify you.