Yeah absolutely they can if you’re using poor online security. The most common would be through reused passwords since websites have breaches all the time. This can easily be mitigated with the help of a password manager and 2fa (stick with totp, passkeys and hardware security keys). The second most likely method would be through phishing schemes, where a realistic looking message from a website/app is sent to you and you input your account credentials. AI is also making this much more difficult since realistic sounding voices of loved ones can be used to trick you into sending over your account credentials but that would be more of a targetted attack. You really just need to be aware of what you’re doing, not click on links unless you were expecting them, and double check identifying information from the sender to protect yourself from this. The last method is really a targetted attack and thats social engineering. This is where a scammer calls in to support pretending to be you, with personal information most likely from online breaches, in hopes of gaining your account credentials. You would just really need to rely on your 2fa and the training of support reps to protect you from this. Mostly common with phone carriers so make sure 2fa is enabled there.