For example, if the attacker has hijacked the login form, and I haven't logged in years, then I'm not at risk. Details like this can help us make intelligent decisions. It's one thing if they stored in passwords in clear text, another - if they used MD5, and a third thing - if they used SHA1, bcrypt, etc.
We have to know! Piecemealing this shows they are clueless!
We have to know! Piecemealing this shows they are clueless!