Nowadays everybody has them, dozens of them – accounts for various web services – and often enough attackers (often inappropriately called hackers) gain access to them.
The most common cause of a breached account is a weak password. Passwords like “password”, “123456” and “qwerty” are used in millions, and as such are among the first few guesses when an attacker tries to gain access to a new account.
So, my first advice is to think of strong(er) passwords. It should at least be eight digits long and contain a variety of letters, numbers, and symbols (as far as permitted by the website you’re trying to sign up for). If your passwords look something like “Q<CWc/%ejZ1zTE_A” you’re doing it right.
Another important thing is that you should use a different password for each website or service. And by that I do not just mean to append the service name each time, because that makes it easy to guess your other passwords as soon as one of them was cracked.
Actually use a load of different passwords! It protects your other accounts even if a badguy somehow got into one of them!
If you end up with two dozen completely different passwords, you’re doing something right. Admittedly, it can be hard to keep track of them, and if you do have trouble remembering them, write them down in real life (and hide the note in a book) or use a password manager program (like KeePass, which can also generate safe passwords).
Another thing considered a good practice is to use a few different email accounts, like about three or so, and try to keep those private (like, don’t have them listed in any public account profiles).
Some online services offer something called Two Factor Authentication where they want you to enter a code sent to your phone everytime you try to log in with the correct password. This is generally a very good idea, but requires you to keep your phone number somewhat private, as SIM-cards can be and have been replicated. If you have the shekels to spare, get a cheap prepaid phone just for two factor auth and never tell the number to anyone.
Last but not least, try to refrain from creating accounts for shady or untrustworthy services or websites and try not fall for phishing.