The majority of accounts out there don't have anything of value. If it gets pwned the person just resets their password and calls it a day (in fact due to the lack of password manager their usual workflow is to reset the password anyway on each login since they never remember whatever variation of their shitty weak password they used).