What I found interesting is when checking with https://haveibeenpwned.com/
, all of the 10 listed sites hacked that affected two of my email accounts were from years back. Also, of the 10 sites, I hand only personally opened accounts at 4 of them (DISQUS, MajorGeeks, Linkedin, and Malwarebytes). All associated passwords were long changed. So while the other sites may have had my email addresses, I did not have accounts there and they still didn't have access to any of my important accounts.
That said, I think some people need to go to jail along with very significant fines for those people and the companies they work for. Not the bad guys! No, but the people running those companies and those managing the data at those companies that get hacked.
It is just unfathomable to me that the IT people, the CEOs and CIOs and the security managers at those companies allow such data to be stored anywhere on their systems "in the clear" - that is not encrypted. That's the bigger crime, IMO.
If the company and IT managers understand if they fail to implement even common-sense measures to protect our data/credentials (encrypting usernames and passwords), keeping their software updated in timely fashions***, etc.) they will end up in fail and broke, the vast majority of these breaches would never, could never happen.
*** I note the Equifax breach could have easily been prevented if (1) the patch that fixed the vulnerability that was exploited and released to Equifax months earlier
had been installed, the bad guys would have been blocked from gaining access to that data. And (2), if the data was encrypted, even if the bad guys had gained access to it, they would have had to go through the very tough challenge and process to decrypt it. But sadly, the available patch (which the company and IT managers knew about!) was never applied, and all of our sensitive data was stored in the clear.