You are right, lots of people are under impression that there is a “dedicated attacker”.
The reality is there are loads of “opportunistic attackers”.
Then you also have to realize all is automated so there is no one hand picking stuff so basically harvesters running over those easy credentials. Successful ones are notified to the attackers. So running those harvesters is low effort and low investment - but even single one lucky hit can be a big payoff.
Then imagine big payoff for someone in 3rd world countries is $100.
The reality is there are loads of “opportunistic attackers”.
Then you also have to realize all is automated so there is no one hand picking stuff so basically harvesters running over those easy credentials. Successful ones are notified to the attackers. So running those harvesters is low effort and low investment - but even single one lucky hit can be a big payoff.
Then imagine big payoff for someone in 3rd world countries is $100.