Is it possible to hack into anything including apps?Watch
Well, if the hackers use the method I mentioned, the big companies cannot really do anything about it. They target the users, so it's up to them to secure their account and not fall for scams. This is often done with emails saying ‘please login’, but with a link to a fake website. It can also be done by installing dodgy software that grabs all passwords.
Phishing, Vishing and Whaling are all vectors of attack into an organisation, the human link is always the weakest.
Compromise something small and then we pivot.
Here's another way of thinking about it, you can apply this in other situations accordingly: breaking into a high security building which has backup power as failover for example, it's still a system based upon the rules of a building, if one fails then so does another - i.e. electricity.