A few good general ideas when it comes to passwords.
Use very strong passwords on anything important or valuable. No simple phrases with just a few extra capital letters or a $ for an “s”. Actually long and strong for real. Maybe even use a random password generator.
Do not reuse your email password on any other system for any other thing that requires a login and password.
Do no reuse any password for anything attached to any sort of financial information.
You can check to see if your email has been compromised at http://haveibeenpwned.com/
No, it wasn’t me. No, nothing of major significance was lost after all was said and done. Yes, it was explained very clearly to the offspring involved. No, she didn’t really send hundreds of emails to or from china. Lesson learned.