Oh, I got a zillion port scans, and people hammering the service login, but never hacked.

Port scans drop to practically 0 once you start blocking all out of country IPs lmfao, I figure if the day ever comes where I might want to access my shit from a foreign country (without a VPN) or whatever I can just whitelist

That’s very lame to say. The incentives of hackers to hack you and compromise your system is very very low. You don’t represent any interest to them.

On the other hand commercial services have very high profile hacking targets and the attack vectors are a lot more sophisticated. Plus if you have a company, you need also to allow your employees to be able to work and you need to give them certain privileges to access the data they need. And guess what, not everyone is super careful.

Plus once you start building stuff, you inevitably introduce bugs and dependencies, the bigger the project, the bigger the dependencies and patching all of them becomes harder and more time consuming.

Big corporations like MS, Google, Apple, etc. are having extremely strict and restrictive policies, including a huge cyber security engineers teams, and this is extremely expensive, especially for smaller companies, who are more focused on their product.

So please don’t think that these companies are run by idiots but a single human mistake can lead to this compromise.

One of the few times I downvote

To the bottom with you!