Breaches happen every day and a new threat actor pops on the dark web selling databases (Zomato 2017, Ixigo, BigBasket 2021 etc). I come across them on a regular basis and so do malicious actors who procure such databases at a minimal cost and leverage the information in these databases (credential stuffing/re-use) and do further damage. Such information can be dominantly seen on the surface web as well (it may be outdated).
Point being, keep a track of your emails and where you’ve used them, regularly check for leaks in data breaches, frequently change passwords and use multi factor authentication (Authy) wherever possible!
Hands down my first recommendation to folks to validate if their information (emails, passwords, IP, other PII) has ever been leaked as a part of any data breaches.
Just my first contribution to the community, hope it helps someone! Cheers.