Many people use the same password over and over for everything. There are multiple ways of guessing, tricking, or computing passwords. If you know enough about a person you can guess. You can target them with a fake login “To stop getting spam login with your username and password!” You can literally brute force a password with a program running millions of iterations of numbers, letters and symbols per second until you get a “hit.”

To take over an account you login with the stolen password, reset the recovery email/phone number to things you control, then do what you do.

How to protect against you, the hacker?

Big passwords. Because people are lazy the most common password is: 123456, what an idiot would put on his luggage. The second most common is: password/Password/PassWord/P4$$W0RD… Yeah. Anyone reading this and saying “Hey, I need to change the code on my luggage?” Better is a phrase, words you can memorize. Your child’s first sentence: Dadagiveme1! The last line in your favorite Sabaton song: N0rmandy$tate0f4narchy0verlord. Do *NOT* use anything with birthdays, maiden names, schools, towns or anything in your profiles on any digital media.

These people, if it was a true account breach and not a stupid post they tried to deny later, had weak sauce passwords.

Listen to Darknet Diaries and you will not rest soundly wondering if your old Mojang Minecraft password that you used on everything when you were 12 is still out there, somewhere, waiting to find you.