
Brute-forcing credentials is one of the most notorious routes to account takeover. Brute forcing is when an attacker repeatedly tries to guess your password. Guessing is not complicated, given that there are public GitHub repositories such as SecLists. SecLists is a compilation of the most used online passwords, usernames, and directories, available to the public for security researchers, CTF players, pentesters, and red teamers.
By pairing a massive compilation of default credentials from SecLists with a command-line brute-forcing automation tool such as Hydra, an attacker can gain unauthorized access to your account.
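From the defender's side, automated guessing of this kind shows up in authentication logs as a burst of failed logins for one account from one source, sometimes followed by a success. The following detector is an added example, not part of the original page; the log format, the function name `detect_bruteforce`, the thresholds and the sample lines are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data. Assumed format: ISO timestamp, source IP, username, result.
SAMPLE_LOG = [
    "2024-03-08T10:00:00 198.51.100.20 alice FAIL",
    "2024-03-08T10:00:20 198.51.100.20 alice OK",
    "2024-03-08T10:05:00 203.0.113.7 admin FAIL",
    "2024-03-08T10:05:01 203.0.113.7 admin FAIL",
    "2024-03-08T10:05:02 203.0.113.7 admin FAIL",
    "2024-03-08T10:05:03 203.0.113.7 admin FAIL",
    "2024-03-08T10:05:04 203.0.113.7 admin FAIL",
    "2024-03-08T10:05:05 203.0.113.7 admin OK",
    "2024-03-08T10:30:00 198.51.100.20 alice FAIL",
]

def detect_bruteforce(lines, max_failures=5, window=timedelta(seconds=60)):
    """Flag (ip, user) pairs with max_failures failed logins inside one window.

    Returns (bursts, breached): bursts are the flagged pairs; breached are the
    flagged pairs that later logged in successfully and need a forced reset.
    """
    recent = defaultdict(deque)  # (ip, user) -> timestamps of recent failures
    bursts, breached = set(), set()
    for line in lines:
        ts_text, ip, user, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        key = (ip, user)
        if result == "OK":
            if key in bursts:  # a guess finally worked after a burst
                breached.add(key)
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            bursts.add(key)
    return sorted(bursts), sorted(breached)

if __name__ == "__main__":
    bursts, breached = detect_bruteforce(SAMPLE_LOG)
    print("guessing bursts:", bursts)
    print("success after burst:", breached)
```

A success that follows a flagged burst is the case to escalate first: the account should be treated as taken over until its password is reset and its sessions are revoked.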
The screenshot below shows how to use the command line tool Hydra to automate brute-forcing a login form:
Page last edited March 08, 2024