5f4dcc3b5aa765d61d8327deb882cf99

Here's a bunch of people who use "1234" as their password.

It's just not very hard to break into random accounts. Another method I've heard is to set up a website that promises something people want but that requires them to enter a username and a password. For example, post on Craigslist linking to your website and claim it has something like, pictures of your really cheap apartment you are offering in the Mission. When they actually log in you can just give them a message saying "site is temporarily down" - it doesn't matter. Once you collect a whole bunch of username/password pairs, just try them all on bankofamerica.com. Some reasonable percent of people just use the same password for everything. If you want to get fancier, you can even reject the first few passwords people use as an "insufficiently safe password". Recommend they add more numbers and punctuation - then you're likely to get the same password they use for their bank.

I am sad that I do not know the solution to this problem. Never ever using your bank password for other sites is a "personal hygiene" way of solving it - but it's kind of like a deer always running faster than the slowest member of the herd.