fordan

Even if passwords weren't leaked there's enough password breach databases out there for them to get a password for people who reuse the same password, and people reuse passwords a lot. (Generic infosec advice: get a password manager if you haven't already and use unique passwords everywhere)

And lol for the thought that this should have been caught in due diligence. You might audit their security processes, but it's not a "yes they're secure/no, they're not secure" question and even "good" security can be breached with enough effort, it's just a lot more difficult than against "bad" security.