So recently I've been getting emails that X account has been accessed from Y country with an IP address that I obviously don't own. An example would be my Steam account which recently got accessed from India (but got foiled, hooray 2FA).
The problem is that I have no idea where the breach is coming from and how it's happening. My system is clean as far as I know, my network is more secure than a regular home network, I'm the only one using said network, I'm not using any caching/proxy/VPN servers, and I definitely have never been to India/Iran/Taiwan/etc.
The other problem is that I know someone definitely has a copy of my plaintext password(s) since, from the example above, Steam Guard only kicks in when the correct password is entered.
Changing passwords for all my accounts is out of the question since I have over 300 accounts spread across the web (which I think where the breach originated). My key accounts (email, social media, finance) are all protected by 2FA.
As a sysadmin admin-ing my own stuff, what measures should I take aside from the usual tips about breached accounts where the threat is unknown? (since usual advice usually assume the threat is known as far as my research yields)