From what I understand, they (hackers) try known email/password combinations at different sites because a lot of people reuse their passwords. I also find it unlikely that anyone trying hack accounts will spend any amount of time looking at individual passwords if their list is 1000+ (and we know there are leaks in the milions).
I agree that they are reasonably save unless they are targeted.
hperrin@lemmy.ca 4 days ago
The problem is that it’s a common suffix among all of their passwords. That kind of thing is easy to search for in a password leak database.