I agree partly. Given decent personal online hygiene, the amount of serious consequential hacking most people will suffer is low bordering on zero. At the same time, you’re right that very few people will be hack-free their entire lives.
e.g.
My primary retail credit card was replaced a couple years ago by the card issuer as a precaution because it was probably caught up in the Home Depot data breach. I never had an unauthorized charge.
Was Home Depot hacked? Certainly. Was I inconvenienced? Slightly. Was I harmed? Not at all. So … was I hacked? I read that as a “definite maybe”. YMMV.
That’s a good point about the fact that a hack can involve you in some way, yet not really affect you. I would argue that you were not hacked in the sense that people are worried about. Mostly because nothing particularly sensitive about you would have been released in that hack. Credit cards are already revocable tokens, and companies have fairly good processes for handling compromised ones (and financial incentives to not ignore the problem). The other data Home Depot might have on you is probably not interesting. Your address, history of returns, and preferred power-tool vendor are pretty meh.
However, if a medical provider you have patronized is hacked, I’d count that as you getting “hacked”. Obviously, this is a bigger issue for people of certain medical histories than for some others.
And people are putting more and more internet-connected “things” on their home networks, despite the very dubious security of most of those things. If a lightbulb that has access to your wifi network gets hacked, that’s a beachhead to taking over your router, after which very likely much of your otherwise private internet traffic is for the taking. This will happen to lots of people.
I’m very tech savvy. I replaced my router firmware with open source firmware because I trust it more and can keep it up to date. But even that doesn’t really make me secure in the idea that I can effectively keep my home network secure. People without a <Liam Neeson>very specific set of skills</Liam Neeson> have basically no chance of doing so.
Agree that there’s a huge risk in people willy-nilly adding devices to their home network. Devices that have their own interests and their own vulnerabilities. After some monster problems we may have consumer routers that are just as armored on the LAN side as the WAN side. Right now the LAN side is dangerously trusting. As you point out.
Right now it’s unclear to me what consumer protections apply to asset managers; if somebody logs onto my account at, say, Charles Schwab, and directs all my stocks be sold and the proceeds wired to Bulgaria, and Schwab does exactly that, what happens next? Am I screwed? Is Schwab strictly liable under some statute? Would I have to sue (and win) under a general duty-of-care theory to recover?
What if this happened to 20% of their customers over a long weekend? Even if they’re strictly liable they won’t have enough money to pay up unless the Feds gift it to them.
To me the risk with real teeth is some kind of destabilizing mass attack on the finance system like that. Either a mass theft that undermines confidence, or a mass manipulation, e.g. flash crash or boom, that equally undermines confidence. The hit to personal and corporate finance from 9/11 was easily 1000x the dollar value of the people, aircraft, and buildings lost. It was far more an act of financial terrorism than it was physical destruction.
We ain’t seen nothing yet. People worrying about somebody stealing their individual pictures from their cloud-connected phone are being silly.