Bruce Schneier has published an article on self-defense against doxing [schneier.com]:
Doxing isn't new, but it has become more common. It's been perpetrated against corporations, law firms, individuals, the NSA and -- just this week -- the CIA [washingtonpost.com]. It's largely harassment and not [nytimes.com] whistleblowing [schneier.com], and it's not going to change anytime soon. The data in your computer and in the cloud are, and will continue to be, vulnerable to hacking and publishing online. Depending on your prominence and the details of this data, you may need some new strategies to secure your private life [lawfareblog.com].
There are two basic ways hackers can get at your e-mail and private documents. One way is to guess your password. That's how hackers got their hands on personal photos of celebrities from iCloud in 2014.
How to protect yourself from this attack is pretty obvious. First, don't choose a guessable password. This is more than not using "password1" or "qwerty"; most easily memorizable passwords are guessable [arstechnica.com]. My advice is to generate passwords you have to remember by using either the XKCD scheme [xkcd.com] or the Schneier scheme [schneier.com], and to use large random passwords stored in a password manager [schneier.com] for everything else.
Second, turn on two-factor authentication where you can, like Google's 2-Step Verification [google.com]. This adds another step besides just entering a password, such as having to type in a one-time code that's sent to your mobile phone. And third, don't reuse the same password on any sites you actually care about.
You're not done, though. Hackers have accessed accounts by exploiting the "secret question" feature and resetting the password. That was how Sarah Palin's e-mail account was hacked in 2008. The problem with secret questions is that they're not very secret and not very random. My advice is to refuse to use those features. Type randomness into your keyboard, or choose a really random answer and store it in your password manager.
Finally, you also have to stay alert to phishing attacks, where a hacker sends you an enticing e-mail with a link that sends you to a web page that looks almost like the expected page, but which actually isn't. This sort of thing can bypass two-factor authentication, and is almost certainly what tricked [vice.com] John Podesta and Colin Powell.
Most of it is old-hat or even second-nature for many Soylentils, but it's a readable article that could be shared with more non-technical friends and family members.