https only means that the data inbetween transmissions is encrypted and is safe from interception - its safer but not safe. - It costs less than £5 to buy a secure connection on your server and requires no formal ID to do so. There is also alot of software that could intercept the keys pressed before even getting to the web.
People using the same password for everything or combinations of are the main way in, for any hacker with an eye on you personally. Random attacks do happen though - mostly through people having common passwords. -- Its easier for a hacker to pick a password to work on, then guess usernames to match - than pick a username and guess passwords.
Most services like FB and Twitter block mulitiple username incorrect logins - which is why changing usernames makes more sense.
As Dan may tell you, owning a server himself, several attempts of hackins are apparent every hour on webserver - when we do get it, its not normally vindictive or personal - its just cos hackers can and will.
Dont use the same password in every site
Make up passwords for every website and use reminders if necessary.
- Your email password has to be the longest and safest thing youve every thought of - as all password reminders for forgotten stuff will be sent to this account.
You only need to remember one password and thats for your email - (or the server if you also run your own email!)
I hate being hacked
its a right pain in the arse! Hope your customers and followers realise it and it all smooths out.
Baz