@davidberneda this is an offline attack, the most common type, the database where the program stores all the password hashes is compromised, happens all the time, then the hackers have a copy of all the password hashes and can crack them at their leisure.