oldGOD here, doxing via password reuse is an underused technique. snusbase is decent at this. if you find a hashed password that hasn't been cracked, you can try these sites:
https://hashes.com/en/decrypt/hashhttps://hashmob.net/ (requires signup so use a burner)
more advanced users may want to install hashcat, but the learning curve can be steep if it's not a simple password:
https://hashcat.net/hashcat/it uses your GPU or CPU to guess up to billions of passwords per second depending on your specs
if you're a noob you can pay hashes.com with crypto to crack the password themselves, and you can refund if it isn't found after 6 hours. i usually leave it active for a few days THOUGH.
the reason is that some people (particularly ecelebs and trannies) make sure not to cross-contaminate their irl identity with their online identity, but reuse their password because they don't expect anybody to find it. for example, they may have come up with a password back under their "deadname" and then carried it with them post-troonout. i've found heaps of "undoxables" this way.
note: finding password hashes that haven't been broken is actually a good sign; jeet and SEAmonkey spammers will bulk download lists of known email:password combinations and then use them to rape login pages, eventually getting the accounts locked and forcing the owner to change the password. if you're the first to ever crack the password, you basically have free reign over their accounts provided they don't have 2fa enabled. (see also: the goonclown hack)
