Everything connected to the internet was really bad until automatic updates that are enabled by default (or enforced by sysadmins) became a thing. Wordpress, Mysql, Active Directory... all those things had unpatched exploits that you could trivially tap in to until the 2010s if you knew how to use nmap and metasploit. Add insecure wifi standards like wep and basically every other network was fair game for people who had some basic skills. Heck, facebook only made https mandatory in 2013 after someone made a browser plugin that let literally everyone steal cookies on public networks and log in to other people's accounts. Gen Zers never saw this, but the modern web as a secure place where you can comfortably buy stuff or do banking without worries is a relatively recent invention.