I keep getting notices of compromised accounts for myself and now I get a few about my clients. I am not sure this was a good idea but I signed up at https://haveibeenpwned.com/. I am now motivated to do something. I've stopped signing up at websites but I am sure the damage has been done.
If you willy-nilly followed common advice of changing passwords frequently and using different passwords on every account you would quickly create a nightmare and become a victim of your own security. Keepass - http://keepass.info/ - may be an answer. I'll followup in a few days if I have any hair left.