Hackers usually work off of leaked information from specific sites.

It takes a lot more effort to send out viruses to get into other people’s computers to try to get directly into their password managers.

For every person that uses a password manager and multi-factor authentication there are probably 10 people whose password for some random website like a forum with no real security is the same as their email and bank accounts.

It’s just like thieves breaking into a house. They usually move on from houses with cameras and a locked door because in the time it takes them to break in and steal stuff they could go down the block and find a few houses that didn’t lock their door and steal twice as much stuff from those houses.