I think it is worth noting

As per General Terms and Conditions, it clearly states that:
  1. 5.6 If a third party uses an Account without authorization by gaining access to your Login Details where you are to blame, you are treated as if you had acted on your own.
Last edited:
Only way you are to blame is if a third part user have abused your account is if you have given away your password.
Inputting login credentials into fake software/sites is the end user's fault. Having the same password across multiple sites/applications and giving one of them out is the end user's fault. Not changing passwords after a large password leak (example) is the end user's fault.

I could think of more, but I think I have sufficiently proven my point.