[jrockway]

This is why two-factor authentication is vital for email accounts. It's just too easy to accidentally reuse your email password somewhere, and then things like this can happen. With a second factor, someone would have to physically steal your phone or OTP device to access your account, and that's a lot harder for some hackers in China to do :)

[kijin]

> accidentally reuse your email password somewhere

That kind of thing never happens "accidentally", especially if you're smart enough to use two-factor authentication.

By the way: http://www.codinghorror.com/blog/2012/04/make-your-email-hac...

[jrockway]

It happens accidentally. I use different passwords for different services and remember them (rather than store them in a database). Once in a while, I'll type the wrong password into the wrong site. That's game over; the account that actually used that password is now compromised.

[pasbesoin]

This is an important point: Type in the wrong password, and you've potentially given away the account that that password belongs to.

And, other things being equal, the more visible your "presence", including the account that the password belongs to, the greater the risk of compromise.

Did you type that wrong password into a dodgy site? Did you type it into a site that does not use https? While on a relatively more unsecure connection?

Even if you trust the ethics of the site, how do they log, and are those logs secure?

Paranoia: Stimulant of the chronic surfer. ;-)