You have a list of passwords for some place that has been compromised.

You hack shitsecurity.com because they have shit security and discover that the user [email protected] has a sha256 encoded password of

ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f

You then crack this at home. Using a dictionary attack you learn that the password is (password123)

You then start to try other websites: say goodsecurity.com with the log in of [email protected] and password123. Odds are the user reused there password for many websites and that if they have an account on goodsecurity.com you will get in.