Change all your passwords or start using a good password manager. Carry on with your day.
If you want, go to the 'Have I Been Pwned' website to check your email address/passwords. Although I know it's a 100% legit site, I only checked my email addresses. I just can't bring myself to typing my passwords in for anything but actually authenticating using that password. Irrational, I know, but that's me.
Use common sense with your passwords.
If you don't want to use a password manager or use a different password for each and every single login, at least create tiered passwords so that you're not using the same password for your email or bank accounts (highest security) as you do for forums and registration services that you'll almost never use and don't gather critical info about you (lowest security). Usually, 4 or so tiers of passwords are good enough, if used properly.
Remember the authentication/account verification chain.
NEVER use the same passwords for services that are used to verify your identity with other services. Email and bank accounts are two of the big ones here. Most banks will email you about suspicious activity and/or for verification. If your passwords are different between the account that is compromised (bank, for example) and the account used for verification (email, for example), that will stop a would-be thief in his or her tracks.
Don't use Post-It note (or ePost-It note) security
It's best not to write down your passwords, but if you must, keep it behind some heavy security, like FaceID or fingerprintID. Also, if you do have a password list somewhere, make it only part of the puzzle. For example, if you password for Tom's Hardware site is Password456 list the password as Pa***6 (or something like that). That way even if someone gets that far 'inta yo bidness' they STILL don't have your actual passwords. The starred-out password should be enough of a hint for you to know which password it is.