This is a quick PSA (Public Service Announcement): go check whether your email address is included in the recently released-to-the-public Anti Public Combo List or the Exploit.in list. I was listed in the Exploit.in list. Note that if you are on the list, you generally did not do anything to cause yourself to be on it - a website that you used was compromised and its account database was added to the list.
The potential harm, though, is that one or more of your passwords is now publicly accessible. If you still use this password, you are exposed to fraud, account takeover, or malware distribution.
The moral of the story is to use a good password store and a strong, separate password for each website. I use LastPass as it is now free and is available on all of my devices. Another option (for the sites that accept it) is to use Two-Factor Authentication. Apple, Microsoft, Google, Facebook, and Twitter all support it.
To check yourself, visit the Have I Been Pwned? website. It will list all of the public breaches that you may be affected by. If you are a system administrator, you can do a domain-wide search to see which business email addresses may have been compromised.
See Troy Hunt’s blog for more information about the Anti Public Combo and Exploit.in lists, which affect almost 460 and 590 million users, respectively.