“…Once an attacker obtains users' PII, and if only one sweetword in a user's sweetword list contains the user's PII, it is highly likely that this sweetword is the real password and others are fake. For example, for a sweetword list "liyaodong007, gaby1124, abg71993, australiaisno#1, soloelbambino, k646321102, noviembre9101, blueluna17, usa0858199600, kirsten03" which are generated using the real password "liyaodong007" in the linkedin dataset and the HGT proposed in [12]. In a nutshell, this HGT is first trained on a real password dataset, and it converts all real passwords in the dataset into vectors using a word embedding technique called fasttext.…”