This SO MUCH. I can't stand when I get an email, from some service that I haven't used in 10 years and that I have no recollection of actually signing up for, saying "Oh sorry we had a hackings. You need to change your password."
This happened with Yahoo's weird online publishing service thing. I don't even remember the name of it but one of my passwords was in their service and, at the time, I was using the same password everywhere. By the time I got the "Oh we got hacked" email, my twitter account was compromised as well as a few other sites. I didn't even remember signing up for their service let alone having an account.
I feel like some sort of regular clean out should also be standard. If I haven't looked at your site in 5 years, why would my account still be available? I know there are situations where that could cause problems but I'd rather lose an account for (random forum that I signed up for in 2008) than possibly have a breech that could, somehow, lead to my information getting stolen...
This happened with Yahoo's weird online publishing service thing. I don't even remember the name of it but one of my passwords was in their service and, at the time, I was using the same password everywhere. By the time I got the "Oh we got hacked" email, my twitter account was compromised as well as a few other sites. I didn't even remember signing up for their service let alone having an account.
I feel like some sort of regular clean out should also be standard. If I haven't looked at your site in 5 years, why would my account still be available? I know there are situations where that could cause problems but I'd rather lose an account for (random forum that I signed up for in 2008) than possibly have a breech that could, somehow, lead to my information getting stolen...