Is it possible that this password was really your gf’s password in the past? It could have leaked long ago and the hacker just decided to use a previously leaked pass to be more inconspicuous.
I don’t think this whole story is so wild, it could be just coincidental. The hacker knew somehow about her DOB and thought this would be an easy password.
Rest assured a hacker wouldn’t want to use their own password or reuse even one as that could link to previous nefarious activity. So they had to set up a brand new password just to move forward. So they set up anything personal they could get their hands on.
PS: you should check Have I Been Pwned for the address of your gf.
If you do self-host, I suggest carefully reading the Gmail guidelines for mail. They are the leaders in the field and they dictate the level of security required.
DNS forward and reverse, DKIM, SPF, DMARC, ARC, DANE, bounce signature etc. Email is indeed a very complicated thing to host. I work on email systems all day and I wouldn’t host my own mail.
Even worse, I’m hoping email disappears and another technology takes its place. Emails are unreliable and outdated, they need to go.