Hackers do not always do things for money. Sometimes, they just want the glory or a little recognition.
For me, it is extremely satisfying breaching a network or popping a box in front of an IT team who are completely perplexed as to how you rendered their security utterly useless.
As a general rule, hackers do not get to see their victims; therefore, the best way to gain publicity amongst their victims, their friends, as the general population is to paste the data breach online. in this way, the IT team is forced to fix the issue and all the glory goes to the mighty hacker. I will discuss the issue of repairing hacks in another blog.
These breaches are so common nowadays that they popup almost daily on hacking forums and paste bin. And if the data that is breached contains usernames and passwords, these credentials can be used in a brute force attack on an unsuspecting victims network to gain completely legit authorized access.
Of course, this will only work if users reuse their passwords which in most cases they do.
Yep you heard me right, if your credentials are stolen and someone uses them, that is not considered unauthorised access. Read more here about what the FTC think about password stuffing and who is to blame when someone is breached.
And unless you have some sophisticated anomaly detection on your setup, you will be none the wiser while hackers peruse your network for more data that they may want to monetise.
There is a really good guide here which can give you the next steps on protecting your network from password breaches.