What if this was not from the publicly available list? How would they even know that the password used by the user on Facebook is the same as the password used by the user on Adobe?
They would need to have the decryption key to be able to verify that ...
They would need to have the decryption key to be able to verify that ...