Two-step verification should be available on everything but that still doesn't make things secure. People have to take care of their own security because there is no such such as absolute security, if you can get into your account then other people can and it's up to you to make it as difficult as you possibly can.
Make sure passwords are unique, as complex as they possibly can be and change them at set periods. Never leave payment details on an online account, whatever that account is for. The simpler it is for you to get into your own account, the simpler it is for other people to get into it too.
I use an offline password manager and below is typical of the randomly generated passwords that I use. It would be stored offline and I simply copy it in when I need to use it.
2XHGrJs98t#c+P9QWM{6wck}RiBW]x
I always ensure that my passwords are as long and as complex will allow them to be, that still does't mean that any account is absolutely secure but greatly reduces the change of somebody brute forcing their way into accounts.
The only password that I have to remember is the password for the password manager, which is kept separate to anything online.
I really do hope that you manage to sort this out but people really do need to do as much they possibly can to make it as difficult as possible for people trying to get into your account.