What hackers will do is rather steal the big list of everyone’s username and password that is kept on the website’s end. In order to check that you’re entering the right password, the website of course has to have it saved somewhere. Now, most services will keep this big list highly encrypted, so the hacker is either going to have to decrypt that big list, or find a website/service that has weak security and keeps their passwords saved in plain text, and then hope that you used the same username and password on multiple sites – both of these things are surprisingly common.

But – this is not the most common way that people are “hacked” in modern times. Rather than decrypting stuff they’ll just used a targeted scam to get you to willingly reveal your password. They’ll do this by doing stuff like sending you e-mails pretending to be your bank, or sending you text messages pretending that you have a package to pick up or something like that. They’ll create a fake version of the webpage you’re used to using that doesn’t work, all it does is save what you enter into the username + password input boxes for them to use later