Foremost, I'm not looking to point any fingers here, but instead try to figure something out.
Two of my friends were hacked relatively recently. I am unaware of the security on their PC, but I know they didn't have authentication. Which I'm sure everyone will blame and discuss no further, but what I'm curious about is how their old passwords were still good. From my understanding most of the methods of hacking either involving compromising the email and then requesting a password change, or some form of key logger to get the password for the D3 account.
Is there any other way to get into a server side account without a keylogger that doesn't require a password change?