[3rd3]

I wonder why internet companies don’t have contingency plans in place for data theft. I would be glad to be able to check whether my account is affected and to receive an email with instructions immediately. Instead it’s always a big surprise and it takes weeks until details are published…

[jimktrains2]

I wonder why internet companies don't just do the right thing and use good hashes (or better methods like SRP, but that requires client updates) so that none of this would even mater

[mildtrepidation]

Because they don't start out with well-designed systems (that costs money), and they don't want to upgrade their systems to be good (that costs money).

It's very simple, but it's only obvious after you've seen it happen too many times.