Yesterday I got a notice from Google that someone had discovered my password for my secondary email, and tried to use it to log in. Thankfully, Google denied them as they were trying to log in with an unfamiliar/unverified device.
The password was randomly generated and saved via Last Pass, and the email address itself is less than two months old (as of this post) so needless to say, I'm a bit surprised by all of this. I've already changed the password, but I'm wondering what else, if anything, I could do to prevent this in the future. Any idea how anyone even could have gotten it?