Passwords have been leaked from many companies you'd expect to have decent security policies. I have no visibility into that, so I would not assume competence across an arbitrary number of sites. God only knows how many of the services I use store my password in plaintext, or improperly hashed.
Like storing them in planetext? If they're not, I wouldn't think similarities in part of the input would lead to a vulnerability.
Sure, why not?
Passwords have been leaked from many companies you'd expect to have decent security policies. I have no visibility into that, so I would not assume competence across an arbitrary number of sites. God only knows how many of the services I use store my password in plaintext, or improperly hashed.