Back when I was a teen I used to fraud people and scam ebay sellers through paypal. If I were to somehow gain access to an email (via RAT, Cookie hijacking), one of the easiest ways to recover a password was to look for a provider that sent out a plaintext password. Chances are the unfortunate target used the same password on every site (or if it was lowercase and alpha, that password + "1").
That would grant continued access to the email, and other sites that took protection a little more seriously like Paypal and Bank Logins (you can't reset a Paypal password with just an email, and if you could, such an action would make Paypal fraud detection software go nuts).
That would grant continued access to the email, and other sites that took protection a little more seriously like Paypal and Bank Logins (you can't reset a Paypal password with just an email, and if you could, such an action would make Paypal fraud detection software go nuts).