bad chess opsec

chess.com needs to improve there security when it comes to logging into accounts with the big db leak from not too long ago and the very poor security on the login system stealing chess.com accounts is way easier than it should be

a easy fix to this would be to implement a idea similer to what lichess has when, where you try to log into a account lichess checks to see if the infomation has been a apart of a databreach and if it has you can not login without further information while this is not flawless and i am still able to steal lichess accounts even with this it would still be a massive help towards the security and would maintain the simple easy universal login system

I believe the site already proactively checks for things like that and resets passwords if something is found.

https://support.chess.com/article/4567-why-was-my-password-reset