The account data is stored in the mysql database mysqldb in the table Accounts.

DBA or high privilege account was acquired by the attacker, although the attacker can get all the data in the database, but because the sensitive data is encrypted, it still can not get plaintext.

If account information is sent to one of these "spoofs", it usually winds up in a thief's database list of accounts to steal.