General Security Practice
The best security advice I have see is to use a password manager to keep one's unique passwords for every log in. Thus, one only has one password to change if a site is breached.
Another point is not trust links in emails, particularly is some email says there is a major problem with your account. Manually enter the address and see what is actually occurring.