18 Apr 2006 at 22:47 - 12
My take. There are a million and one ways to retrieve / figure out a person's e-mail address and password to go with it. This gets considerably easier when you know the person in real life and if one happens to have physically access to a computer that account logs in from. However in that end the how they got it isn't really all that important as it is done. The usual run scans / change passwords will continue to apply.
The why on the other hand in response to post #11 I have my on thought on. No one truely knows just how much logging of actions and transactions Arena Net does, but it is very safe to assume that nearly ever action can be traced back to a log. Therefore once the 'hacker' (for lack of a better term) has gained access to the account, he/she would not be doing themselves a favor by trading / items to his/her own characters for personal gain. If once reported to Arena Net they see in the logs that all this person's belongings went to characters on one or two other accounts it could be viewed that those accounts belong or are related to the 'hacker'. This could result, if it could be proved, in those accounts being terminated. So in the end we have a bad person wanting to do bad things, but smart enough not to do anything that directly point back at him/her-self. That is assuming that the characters were indeed never logged in with and that they were deleted right after gaining access to the account.