The simple things you can do:

[list]
[*]change passwords
[*]use different passwords on all different sites (LastPass is okay, but you could also use a system which adds a couple of chars to each password based on the app/site - it beats the automated brute forcing using the same set of creds)
[*]don't use http to go to the initial page of any of these sites, as many don't refresh session cookies when you log in to an https enabled section, so you are effectively vulnerable for the duration of your session (especially bad in web cafes etc) so use NoScript, HTTPSeverywhere or similar