This isn’t turning out to be true. Seems like people are re-using their same usernames and same passwords for different sites. Maybe even the same secret questions.
What is scary is that another company may have been hacked and the hackers are trying that list to get into your iCloud account.
To get around this I use 1Password which isn’t cheap. I used to use Password Wallet, there are quite a few. I generate a different random password for each website.
Another option is two-factor authentication. A lot of sites use this now. You can receive a txt when your account is changed or new login on a computer to confirm it’s you.