>>Good chance of finding one user/pwd combo employing dictionary attack plus perhaps some site specific info and crafting specialized try outs for currently unknown target site pwd (common dictionary result plus DB-site specific info) IMO...
That may be the case, but it's not what happened in real life where expedience/carelessness by "the guards themselves" causes the most breaches. Criminal hacking caused less than 2%. The guards often prefer to focus on the 2% when in fact they need a mirror. ;-)
"... They ne'er cared for us
yet: suffer us to famish, and their store-houses
crammed with grain; make edicts for usury, to
support usurers; repeal daily any wholesome act
established against the rich, and provide more
piercing statutes daily, to chain up and restrain
the poor. If the wars eat us not up, they will; and
there's all the love they bear us."
-- Shakespeare: Coriolanus, Act 1, scene 1