Eh, there are numerous ways they can get you.

For starters, many websites are run by people who take an interest in grabbing passwords. I'm not going to say one from the other because it is random and hard to tell. Basically, don't ever use the same login id in two different places.

Some places for example won't encrypt passwords. Or they have a vulnerability to people who join on and then keylog a production server.

Then, the hacker just sits on the information or sells it.

Eventually, someone somewhere obtains it, with the user id and then starts looking up said person on other forums, websites, games, etc. They're looking for some paydirt.


That's when they get you. Once they've made the connection they'll use it or sell it.

Another usual is brute force. Someone sees your ID and goes to town on a system to figure it out. That's not usually the case with sites that have limited authentication attempts.


The former is usually what happens which is why it is so random. Sites that mandate you use an email account for example are often plagued with a problem. People use the exact same email and exact same password on two different sites/games. Big problem.