In reality, the next step up on Internet services is moving to 2FA everywhere. Passwords are easily gotten, but 2FA, though doable, raises the barrier immensely. It means that someone would have to know the user's password and have control of one of their devices. This is far harder than just sifting through a pile of passwords found on a BitTorrent dump and trying them on various accounts, or guessing a user's grandma's last name.
I'm sure that if the users that had the pictures compromised had their phones secure and had 2FA on, we wouldn't be inundated with these stories.
Of course, 2FA isn't a perfect solution. Lose access to one's phone number that is used for texting codes, and lose access to the recovery key... and one is hosed big time, be it if they are on Google, Dropbox, Apple, even Yahoo. The ideal would be a vendor-neutral keyfob that can be used with everyone's 2FA systems, either as the main means of authentication, or as a tool for recovery, where the keyfob can be stashed somewhere physically secure if there is no other way into an account.