Criminals use automated tools to enter lists of compromised username/password pairs in order to gain unauthorised access to accounts.
Once an account is taken over, an attacker can drain it of any value it holds, steal any personal information linked to it, and use that information for further malicious purposes (e.g. sending spam emails).
Use separate passwords for all of your different accounts
This reduces the likelihood that passwords that have been compromised for one account can be used to gain access to other accounts. Consider using a password manager to help you.
Avoid using your corporate network credentials for third-party sites
Companies can't guarantee that they can keep your data/credentials completely secure, so the best mitigation is to avoid using your corporate credentials with them. Check your corporate policies to see whether using them on third-party sites is permitted.
Create strong and unique passwords
Avoid using personal information such as your pet's name or your partner's date of birth. The NCSC recommends using the 'ThreeRandomWords' technique.
If you've been notified that your password has been compromised, or you suspect it has, make sure to change it.
Consider using 'https://haveibeenpwned.com/' to check whether your passwords have been exposed in known data breaches.
Enable two-factor/multi-factor authentication on your accounts where possible
Doing this makes it much harder for criminals to gain access to your accounts.
As always, keep an eye out for any suspicious follow-up activity (e.g. spam emails/calls/social media messages, banking activity).
If you suffer from this or any other type of cyber crime, please report it to Action Fraud.
We always encourage victims to report the crime to Action Fraud via phone (0300 123 2040) or website (https://www.actionfraud.police.uk). Reporting helps build intelligence for law enforcement, which can aid investigations and informational campaigns.