If the login succeeds, the account is "hit." The owner of that account is usually a paying customer somewhere in the world who has no idea their credentials were leaked via a data breach from an unrelated website (a practice known as "credential stuffing").

: The tool opens a headless browser (one that runs in the background without a visible window) and attempts to sign in.