Hacking basically requires a lot of Research on the targeted system, Reconnaissance of the target, and trial and error.

If somebody wants to hack an Kanye’s twitter password, they could google if somebody happens to know Kanye’s password (research), look over Kanye’s shoulder when they type it in (reconnaissance “shoulder surfing”), or create a pssword cracker that runs through all of the possible passwords (trial and error). They can research and develop malware that can control Kanye’s device and then you can look up where the passwords are stored, all of which requires research into what kind of phone Kanye has.
Fact is a lot of basic hacking tools are readily available from reputable companies as penetration tools.
Hackers good and bad are motivated to find vulnerabilities in computer systems just about every computer system on the planet (research and trial & error). They poke at a given system, seeing what inputs give what outputs and see if any otlf then can give higher privedges. When a vulnerability is first discovered, that’s called a “zero-day” hack. Developers need time to patch these and some consumers may not update their systems when the patch is published.
Fact is just about every computer, language, networking protocol, etc was built with security as an after thought, and as a result most security measures are built on top of these insecure systems.