Have you ever heard about the https://haveibeenpwned.com/ website? Or https://monitor.firefox.com/?
You just have to enter your email address and check if you have an account that has been compromised in a data breach.
If one account has been compromised, it means people know that your email address: john.dohn@mail.com was using this password 08october94! on a website. You need to change your password on this website quickly obviously, but it also means that anyone can try the combination on a different website.
What if you use the same email address and the same password on another website?
Let's say I am registering to a bad and small website https://i-love-eating-apples.com I don't care. Ok, quick registering: john.dohn@mail.com and 08october94. Easy password to remember as it is my birthdate :-)
But that's also my password to my Facebook account as it is easy to remember :-)
And my password to my email account :-)
Ok, now imagine someone breaks into https://i-love-eating-apples.com because it was badly secure and get every user information (email/passwords). Why would someone spend time to secure such a website? It is only for fun...
Well, someone has your password and can try it on different websites. Emails providers, social media, messenger apps, etc.
Lessons taught?
Use one password per website (use a password manager). Even if a website is compromised and your account as well, it doesn't impact your other accounts.
That's where https://haveibeenpwned.com/ and https://monitor.firefox.com/ are useful: to have a look at compromised accounts.
Super cool tools, but you will probably only use it once in your lifetime.
They have a less-known functionality: Be alerted if your account is compromised.
https://haveibeenpwned.com/notifyme or https://monitor.firefox.com/. Enter your email address and from now on they will alert you!
If you want to dive a little further, this resource is really great as well, have a look! https://monitor.firefox.com/security-tips