@Crzytee
Yes, an account can be h4c|<7d even if not in use.
A h4c|<7r could:
* use brute force on the password
* use social engineering on the support system
* steal saved passwords from the account owner's browser
* h4c|< the email account connected to the account
* purchase account data from older dumps floating around the dark web