Let’s say you have an account at some online service – I’ll call it Service A. In addition, you have a Yahoo! account because you use Flickr, a Google account because you use Gmail and a number of other Google services, a Microsoft account because you have Windows. And you use that same wonderfully strong password everywhere. Service A has the best of intentions, but honestly, they don’t “get” security. Perhaps they store passwords in their database in plain text, allowing anyone with access to see them. They do that because it’s easy, it’s fast, and it allows them to solve the problem quickly. They make the assumption that the database containing your password will be impenetrable. This makes easy for the attackers to hack the sites and password.