Data breach happens when a hacker gains access to an online service, such as a social media, or an email provider that has been exposed for having a vulnerability.
The attack is only present online, since more often than not, vulnerabilities comes from programmers and system administrators who have overlooked some aspect of the software logic. For example, an open port on which they can communicate, or having a service which will execute commands or receive any files which the software will actively run.
Once the hackers gain access to the service the next step is to somehow connect to their data source, this is most commonly the database.
Hackers can also increase their chances of breaching by trying to deceive the employees of the company to do something for them, this is known as social-engineering, and this could range from asking for internal architecture to asking to reset a password to an account which they don’t own.
Once the breach has been done the attacker will have a short time frame of doing as much damage as he can, either through exporting all users, exporting the whole database or even changing some of the user’s passwords and sending messages pretending to be them, most often, those victims will be, popular people, since they have a large audience.
Easiest way to prevent from this type of fraud is to keep up-to-date software, since updates most often provide vulnerability fixes.
To scan closely which people are contacting you, that is, to check their names, their domains, and if those domains have small typos, known as email spoofing.
Once a breach has been done however, you need to deactivate all accounts which contain sensitive information, or any funds, which can be taken from, and if the password you’ve used for this service is used for other services, to change it everywhere.