The problem is that you often can’t find access to the actual “password” used in the breach. Does anyone know where I can see if it was an actual password or just some made up thing?
I was suggesting something different. Specifically open an account on every service as a tracking canary, say with the same email to help them tie them all together. But on each one, vary something slightly like phone. Then years later, when looking at a leaked aggregator entry, all the phones on the record should tell you all the places they bought/stole data from.