He was the victim of a credential stuffing attack. You should never use the same password for more than one service, and this is precisely why. If he gets any of his accounts back, have him change his passwords to unique passwords on a per-service basis. Using a password manager (one with 2fa or an offline password manager) will make this much easier for him.
He was the victim of a credential stuffing attack. You should never use the same password for more than one service, and this is precisely why. If he gets any of his accounts back, have him change his passwords to unique passwords on a per-service basis. Using a password manager (one with 2fa or an offline password manager) will make this much easier for him.