Simple. By having a shitty password. There sure is somewhere a list of the most commonly used passwords, and if you go through them, you'll find the one for the most people.
In the worst case, there is no limitation to attempts to try to login. This way it could be automated and it would increase the chances of figuring it out.
It takes real subversive faggots with a will to destroy the website to do that.
Lesson: login tied to keypair verification instead of common email / 2step verification. Bypasses IP Whitelist / logs. Requires owner store private key on device.
No one does this because lazy. Convenience > security.
Downside: Owner has to disable cloud backup and watch for update enabled cloud backup.
Unsurprisingly ConPro clowned on him until he went and 41%'d and rdrama clearly managed to guess the master admin password.
I'm guessing it will be like this until u/C gets off his fucking arse and restores it.
In the worst case, there is no limitation to attempts to try to login. This way it could be automated and it would increase the chances of figuring it out.
It takes real subversive faggots with a will to destroy the website to do that.
No one does this because lazy. Convenience > security.
Downside: Owner has to disable cloud backup and watch for update enabled cloud backup.