>You may not give much away on one site, but combine all that data across multiple sites, and maybe I can start building a profile on you, identify you, impersonate you, steal your identity, etc.
Why would someone go through that much effort on one person when they can end out a million phishing emails with two minutes of work, get a few thousand replies, get a few hundred people buying their scam and walk away with a six figure payout? The chance of you getting your identity stolen because of password reuse is about as low as getting killed in a terrorist attack: it's not really worth thinking about or putting too much effort into preventing when you're more likely to get hit by a car.
Why would someone go through that much effort on one person when they can end out a million phishing emails with two minutes of work, get a few thousand replies, get a few hundred people buying their scam and walk away with a six figure payout? The chance of you getting your identity stolen because of password reuse is about as low as getting killed in a terrorist attack: it's not really worth thinking about or putting too much effort into preventing when you're more likely to get hit by a car.