(MANY WORDS INCOMING. FAIR WARNING.)
https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/ (a different report on the same incident Nifty posted in the first post.)
35k users is not "large scale" but whatever. It's a significant sum...
The reality is that no matter how hard you try to secure your info, someone out there will still have a way to get to it. Now, that does not mean they're actively trying to attack you specifically, they're attacking the places you have accounts and hoping to steal your data from THEM. The idea...
Under the "Password and Security" tab in your profile, there's a "two step verification" box right above your existing password. Click it and follow the prompts. I use google authenticator and the setup took seconds.
What Nifty said. I would add that using a password manager like lastpass/keepass/etc... which can integrate with your browser for ease of use is a great way to manage all those pesky passwords so you don't necessarily have to memorize them all. ideally you should have a unique password for each...