There are literally thousands of password trading sites who steal passwords using "exploits", "key -stroke loggers", "rootkits", "back doors", "packet-sniffing", etc. so there are times the surfer doesn't know they've been compromised.

I reset their password with an x1 at the end, showing it's their 1st offense and I explain to them how to get free spyware, antivirus software. If they don't do that and an x1 password shows up again, they are disabled