Totally agree that generally speaking no one is breaking high complexity passwords. Why break the password when you can just convince someone to change it for you?
Easiest way is just to put up a fake service and they’ll give you their real password (same one they use everywhere). I can do this in a day and get thousands of real passwords and emails if I wanted to.