web2 is basically non-blockchain things, databases with a single point of attack in most cases, like facebook, reddit, banks, etc where if an attacker gets through they can steal information, leak personal details, etc, which can't happen on web3, here it's usually just a single user that can get affected at a time.