The reason we use 128-bit encryption instead of 256-bit is because the chance of a successful brute force attack on AES 256 is effectively zero and the chance of a successful brute force attack on AES 128 is also effectively zero. But AES 128 is faster so that's why we, and the following giants of the web, all use 128-bit encryption:

Apple
Google
Youtube
Amazon
Twitter

If you’re using Chrome when you’re on any of the sites above, you can see your 128-bit connection to the site by clicking on the padlock in the address bar > Connection tab > "The connection is encrypted and authenticated using …”.
 

As further evidence, Bruce Schneier said ”And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the foreseeable future." He is an internationally renowned security technologist, called a "security guru" by The Economist. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. 

There’s even more at:
https://www.quora.com/Why-do-large-sites-like-Google-Amazon-use-128-bit-SSL-encryption-rather-than-256-bit
https://www.quora.com/In-terms-of-security-how-does-128-bit-RC4-compare-with-AES-256

Hope that helps! :)