The best way to keep yourself safe from stuff like this is to use a password manager, and to generate a new password for each account.
Starting using a password manager is one of the single most powerful improvements to my wellbeing in years. It’s so nice to not have to do the “Forgot my password” process for a site I rarely use, only to discover when creating a new password that the site has weird rules around password requirements (explaining why none of the variations for my standard password at the time worked to login).
I use Bitwarden
Most people on this community probably already use a password manager, but if you don’t, then this comment is for you
recklessengagement@lemmy.world 5 days ago
I’ve started generating an alias for every new company I sign up with. Nobody gets my actual address.
For anyone that doesn’t accept an allias, they get a catch-all address passive-agressively named uncooperativevendors@####.com