Once the victim chooses a password, the attacker can then take those credentials and start trying them out on third-party sites, knowing that users commonly reuse a handful of passwords.
Enter your current password to proceed:
