My first reaction was "Hey, that's a great idea, it will probably protect a bunch of people."
My second reaction was to wonder if this sets a precedent for Facebook that may bite them in the ass in the future. Are they going to do this for every major data-breach that occurs? Furthermore, is it even legal for their team to be in possession of that "publicly available" list of Adobe user passwords? A lot of stuff is available on the Web, but that doesn't mean it's all legal to possess.
What if this was not from the publicly available list? How would they even know that the password used by the user on Facebook is the same as the password used by the user on Adobe?
They would need to have the decryption key to be able to verify that ...
My second reaction was to wonder if this sets a precedent for Facebook that may bite them in the ass in the future. Are they going to do this for every major data-breach that occurs? Furthermore, is it even legal for their team to be in possession of that "publicly available" list of Adobe user passwords? A lot of stuff is available on the Web, but that doesn't mean it's all legal to possess.