Keep in mind, this leak is a compilation of previous leaks. This isn't new.
Actually, the biggest risk here is that such large password lists make it easier to brute-force a hash. i.e say I got into facebooks database. Well, I wouldn't be able to do anything with that. The passwords are encrypted. But, say I also decided to find their hashing method. Then, I can simply hash these 10 billion passwords, or to make it easier, the top million or billion most used passwords, and see if any of them match what I got from Facebook. That may seem like a lot of passwords to test, but a 16 character password has to be attempted up to 30,583,281,110,353,123,000,000,000,000,000 times before you get the correct answer. Using this 10 billion password list, you probally will get into a few accounts in a reasonable amount of time.
And you only have to hash each password once. You hash every single password, you check to see if there are any matches in the database.
Each data breach doesn't just mean you have to change your password. It is a security concern to everyone. It makes all passwords easier to guess.
You may think, well my password didn't show on the list, I'm fine. No, but if even 1 other person used G3n4r1cD0gN1me as their password and its on that list, your password is still comprimised.
You should realistically change all your passwords regularly to randomly generated ones. But that also means you store passwords on your computer, which might break, you lose them all. Security is a pain. even 2fa wont save you, its possible to recieve texts of someone else, though most hackers wont go through the effort if you aren't important, its not easy.
I kind of rambled, but in a nutshell, use 2fa and randomly generated passwords. Or use a few different passwords depending on how secure you think the website is, how important the account is, etc. Email accounts should ALWAYS be their own unique and long password, they are the #1 thing that someone who found your password will try to gain access to.