When they get the link via dm and click it - they literally give the “hacker” their pw - so no meed for the “hacker” to change it - the people never realize their is even an issue until after they get screwed - at which time still there is no need for “hacker” to change the pw then.
This is quite scary....so just by clicking on the link will give the hacker all the info?
Is it possible this user was using LastPass manager that was just hacked?
https://www.komando.com/security-privacy/password-manager-hacked/871018/
DOnt understand why people use these at all!
Just write and store on a piece of paper or booklet....treat a password just like a private key IMO...never store on a browser or any program period.