Good catch, but it could also simply be that the password had been collected during a previous hack.
The article mentions it at the end, but I think they should have insisted more on this point: if you have a very strong password that you reuse everywhere and it gets leaked at some point, it has a high probability of ending up in rainbow tables everywhere and might not be more secure than "h4x0r1234".
So using hard-to-guess passwords is the easy part; the hard part is using different hard-to-guess passwords everywhere.