I switched to using masked emails with Fastmail primarily so I could see who sold my data. The potential security benefit was not really a driver. Having 1Password be able to generate a unique email makes it a no-brainer these days. For those services that require a username that is not your email, they can usually be used without the domain part. Works really well.
I even wrote a tiny little local only web app that I can use to generate a masked email on my phone, so when I need an email for an in person thing I can just show them my brand new weird email directly on my phone.
Any interesting finds on companies that tried to sell your data?
Not really any places where things get sold, but opt-in in the background for newsletters is bad in certain sectors. Ticket platforms are terrible. I like to use a new email for every event and boy does that lead to new round of clicking opt-out until I can deactivate the email after the event has concluded.
I just learned that FastMail provides an iOS shortcut to "Create Masked Email".
Just be careful, you must press Save after or else you'll lose it.