@centaury Are they? I get password stuffing is a problem, but it's been a problem of current scale for at least a decade and many services require mfa, monitor compromised creds, monitor sus activity etc. I even got my debit card skimmed once, and lost exactly 0 money.
I'd be on a different opinion if we talked e.g. medical data, but many breached services just don't hold data that is much valuable to anyone.