What’s the Most Overlooked Attack Vector in Personal Cybersecurity?

We talk a lot about phishing, malware, and weak passwords, but I feel like certain attack vectors don’t get enough attention.

For example, one thing I rarely see discussed: old, forgotten accounts with reused passwords.

A few months ago, I checked Have I Been Pwned and realized a throwaway account I made in 2015 had been compromised. The problem? That same password was still being used for a critical service I hadn’t thought about. If someone had connected the dots, I would’ve been screwed.

Other overlooked risks I’ve seen:
🔹 SIM swapping – Social engineering at phone carriers is still ridiculously easy.
🔹 OAuth token theft – People trust "Sign in with Google" too much.
🔹 Abandoned subdomains – If a company shuts down a service but doesn’t reclaim the domain, it can be hijacked.