Actually this is a sentiment for years now mate,I have been fighting this for long time now about sending your KYC in bounty hunting in which this happens to so many accounts here,specially those Projects that tricking people telling they need KYC to get their Bounties but after sending these company will gone with investors money.
though you are pointing about the Password yet it is not the main reason here instead it is our details that always vulnerable from these hackers scammers .