It depends on what is happening:
– If you try to login to a website, then they will into the same problem.
– If they have stolen the encrypted passwords, then they are not any longer under the restrictions of the site which performs the authentication.
As such, two different scenarios, two different limitations.
Latest Answers