Immediately change all of your passwords (including — but not limited to — domain registrar, website hosting, website login information, email, bank accounts, wireless home electronics, and Apple ID) according to the rules stated below. I changed mine every few hours while this situation was still up in the air, and am continuing to change them every few days for the time being.
Another thing you can do is to write down a long random password on a piece of paper and keep it safe. Then append to the random password, a simpler password that you would remember. That ways you have protection from a hacker and also from someone who finds the password written on the paper. ** Also enable mobile OTP based security layer.