Sex is one asset that has always had value. While Millennials don’t have much money, they do have one commodity that attracts hackers: their youth and their nudes.

In late August, hackers stole and then sold hundreds of erotic pictures of young celebrities, including Jennifer Lawrence (age 24), Rihanna (26), Kate Upton (22), Lea Michele (28), and Mary Elizabeth Winstead (29).

For Millennials, the theft of personal information was particularly alarming; for most of their lives they have been warned against sharing passwords or banking information but have not considered what other information they might have that others would want. Young people are treading a fine line between sharing huge amounts of data online and half-heartedly trying to protect it. If the celebrity photo leaks suggest anything, it’s that Millennials need to start taking cyber security more seriously before they have more to lose.

Millennials are the most proactive generation about securing their data online, and they also have the most information readily available for identity thieves. For example, 74 percent of 18- to 29-year-olds have cleared their browser history and cookies before, compared to only 42 percent of those over 65, but 69 percent of the same age group have their birth date online, compared to 41 percent of seniors.

But while young people have been proactive in securing their data, many have been lulled into a cradle of trust with their online information. One recent Raytheon study found that 23 percent have shared an online password with a non-family member in the past year, and one-in-five have never changed their online bank account password. While generationally Millennials do the most to protect their online data, they still have major security problems, and they have the most personal information available online to begin with.

Some analysts have hypothesized that Millennials just don’t know any better. For example, a Trend Micro report states, “Most Gen X & Gen Y users had a rush of Internet-based technology thrown at them in the last 10 years and they haven’t had a chance to understand the security implications of this new technology. Millennials have taken to technology in a rapid fashion, and there was no mentorship from previous generations to teach Millennials about security.” But the need for security “mentorship” is overstated. Millennials are digital natives and are adept at evolving to new technology; this isn’t a lack-of-knowledge problem.

What’s different to this generation is that they simply haven’t been the victims of many online attacks. Millennials are substantially poorer than any other generation. According to Pew, the median net worth of a household headed by someone in 1984 was $11,521. By 2009, that number shrank to $3,662. Millennials simply don’t have enough assets worth stealing, whereas Boomers and Gen Xers largely do, either as individuals or as business owners. Young people feel a sense of security with their online information because the chance of them being targets are slim. While they have witnessed significant data breaches like the recent Home Depot and Heartbleed attacks, they were largely not using credit cards in the first place and weren’t in the executive positions that dealt with the fallout.

When Millennials end up being the targets of cyber crime, they’re horrified. This isn’t supposed to happen to them since they haven’t had much to lose. So the news of the celebrities’ leaked photos shocked this generation; indeed, they do have something to offer the hacking world, it’s not just their physical assets.

But in the online world, Millennials are indifferent about government intervention. Young people view the Internet as the new Wild West; no one — not the government or any corporation — should be able to shut it down. They are cowboys who would rather forgo new laws, confident that they can take better care of their assets than the government could. Given the age breakdown of those who have cybersecurity know-how, they probably can. Now the Millennial generation actually needs to take the reins and start protecting their online identities — before their assets are actually worth stealing.