Compromising accounts through reused passwords is nothing new or unique—this technique is commonly referred to as credential stuffing. Far too many people use either the same or similar credentials across multiple accounts. Threat actors know this and exploit it regularly by trying these credentials as well as small variations on them against a number of websites in order to compromise accounts on other sites. This is why it is vitally important that users make it their common practice to utilize password management services to create unique and complex credentials for every account that they have. Any users who have made it a practice to reuse identical or similar credentials across multiple systems should begin phasing out those passwords in favor of more secure password policies. Credential stuffing is especially damaging when used against corporate accounts to access VPN, Office365, Google G Suite or other services that provide access to sensitive company information. The Binary Defense Counterintelligence service provides monitoring and advanced warning for corporate account email addresses compromised in third-party data breaches that are sold on the Darknet. More information on this incident can be found at https://www.pymnts.com/news/security-and-risk/2020/instacart-blames-reused-passwords-for-account-hacks/