Hello r/AskNetsec community.

It's been a bit over two years since my data has been stolen and supposedly sold on the internet.

However I cannot shake this feeling of vulnerability and paranoia that someone somehow manages to do it again.

So far I have changed all of my online behavior to be more careful when it comes to downloading and entering my data. I use Bitdefender as a anti-virus solution and I changed and keep my passwords in a safe space (physically not digitally) enable MFA wherever I can. However from time to time I still get emails from Microsoft giving me a one time login key or just today I found some recently logged in devices on my PayPal (I never had any MFA notifs for my PayPal and there was no otherwise suspicious activity).

Every time something like this happens I start to sweat profusely and scan my devices multiple times (Malwarebytes Bitdefender).

I just feel vulnerable and paranoid all the time with not much to do against it. Is there any way to be safe or atleast stop being paranoid?

Sorry if this post comes across as rambly and badly worded/formatted English is not my first language and I'm also on mobile. If you have any questions feel free to ask.