Criminals will automatically enter lists of compromised password/username pairs in order to gain unauthorised access to accounts.
Once an account is taken over, an attacker can drain the account of any value it has, steal any associated personal information linked to the account, and use any of that information for further malicious purposes (e.g. sending spam emails).
Use separate passwords for all of your different accounts. This reduces the likelihood that passwords that have been compromised for one account can be used to gain access to other accounts. Avoid using your corporate network credentials for third-party sites.
Create strong passwords e.g. do NOT use personally linked information such as your pet's name, use the 'ThreeRandomWords' technique.
If you think that your password may have been compromised, make sure to change it. Consider using resources such as 'haveibeenpwned.com' to check whether your passwords have been exposed in a data breach.
Enable Two-factor/Multi-factor authentication on your accounts where possible. Do this, and it will make it much harder for criminals to gain access to your accounts.