pull down to refresh

Someone exploited a session cookie vulnerability in Gmail back in 2016 to send me an email said to have been sent by me with some mysterious and threatening gobbledygook. I went into defcon1 with my passwords that day.
It wasn't a real hack, just a troll.
More recently somehow a Brave Sync key got compromised, and I saw mysterious new devices syncing to it. Suffice it to say, defcon1 full password change and on top this time I purged a heap of sites I never want to use from my list of passwords.
Being that I don't know how that brave sync private key got leaked I can assume there is or was an exploit for their system that at least once I have seen it used to acquire a copy of brave sync data.
Never had a similar problem with Keybase storage before, but I am protesting their lack of p2p sync and the fact that they are storing my (encrypted) data, which is one essential step in breaching my data. Not that Brave is really any different, and clearly less secure.
I dream of the airgapped life...