What would you suggest I change it to?

  • compromised -> because it got leaked
  • protected -> immediate memo or reply based on the type of op, plus contacted on discord and hive chat if the handle matches

compromised, yes
protected? not at all
it's just an attempt that was made to contact account the owner, nothing more than that
and that's fine, because nothing more than that could be done
it's just wrong to call it protected because it's way too late for that
victim might thing that's OK to just change it on time, but for example all past communication that used such key (i.e. messages encrypted with that memo key) are forever public since the very moment that key leaked

I agree.
Should I change it to “MEMO key leak damage successfully mitigated/reduced” ?
Or what else?

No, that doesn't make sense.
There's no forward secrecy, once leaked, it's over.
With the active key (where consequences can be much worse as it controls finances) it is ironically much simpler, because first you could tell looking at account history if there were funds movements between leak and the moment key was changed.
In case of memo key you just know that it happened and you can do nothing but just let owner know.
It doesn't protect them, it just inform them (if successful at all) about the fact.

I see what you mean now. Their past encrypted messages are leaked forever, that's a good point.

  1. For memo keys I'll change the post title to "Compromised MEMO key detected"
  2. I'll add some text in the post that says something like "review for sensitive info all the encrypted messages that you sent with the compromised memo key. Now they are all public forever.."
  3. And following your thinking, it's probably better to not disclose their full account name in the "monthly" report.