> user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware.
So this isn't from website dumps with plaintext passwords.
If I did highly secure work (which I don’t), I’d set up a few honeypot machines and input my “secure credentials” (with a bogus password) into that repeatedly.
Yeah, inputting "secure credentials" traceable directly to you with what you'd hope is a bogus password is a very bad idea, especially if you're doing highly secure work.