Comment Not sure if someone's mentioned this... (Score 1) 563
because I CBA to read ALL the comments, but wouldn't it seem like the hackers approach would just be as such, then:
Try to change your password to a couple of different ones, finding perhaps 3 (or more, depending on the allowed failed attempts) passwords that are locked out, thus guarenteed to have a hit SOMEWHERE. Then, try those three passwords on every email you have in your database. Wash, rinse, repeat.