Hate to tell you, Don, but you can pretty much guarantee that every account you have on a publicly available service has been hacked. From email, financials, e-commerce, hospitality, to your retirement. Every single one.
Now, whether or not those credentials have been put to use is the issue to take from you shuold be your only concern. The best recommendation you can follow is not to use the same password for different systems. Here’s a scheme you can use that will allow complex passwords, that are still rememberable by you, but not someone else:
Start with a root word (let’s use SOHC for the example). Then develop a cardinal date formula (what day of the year is it, perhaps divided by your number of children =34) use the year appended to that number 3419. So you have SOHC3419.
To then create a specific password for each service, use a 2 character mnemonic. PayPal might become PP. So your password for PayPal transactions is ppSOHC3419. If you want to use Gmail, it becomes gmSOHC3419 and so on. The first 2 characters allow uniqueness for each and every service while you retain the “core word” plus a unique number suffix. You can even turn SOHC into s@Hc for more complexity without more effort to remember it.
Annually, like on your anniversary, change the ROOT word and/or suffix. This way, if your single account gets hacked, no other account is vulnerable with the same credentials. Reverse the position of the number and root word even. It’s rather easy and dead reliable. And your root 8 character code (4 letters and 4 numbers) plus 2 character prefix will surpass every systems requirement for minimum characters.
Easy stuff, free to you, and these carry in your brain pretty readily without using Sticky Notes and written credentials in your wallet or Notes app.
