People tend to be the weak link in security.
I can see someone recently getting hired as a customer service rep at T-mobile. They are told do not give out any information regarding any account, unless you first verify with this, this, and this. Then, that rep gets someone calling them who only needs the account number. They think to themselves I was told not to do this, but what harm can that do? It will make the customer happy.
Little does the rep know, that information just let someone steal that phone number, bypass 2FA with Authy and SMS, and steal all their bitcoin.
The crooks can be crafty. There was a case a while back where they were able to extra data from Apple and other sources to get control of a Twitter account. Data such a SSN, credit card number etc should not be used to confirm identity. We should be using digital signatures by now.
I have a feeling that it won't be long until we see the blockchain revolutionizing security.