Always try to keep your sensitive data privately like storing in cold wallets like use paper wallets and hardware wallets instead of keeping private key in your device like computers and mobile and that will lead steal your key easily by hackers.
Try to use chrome extension like cryptonite which is recently becoming popular and which will detect the phishing websites and keep us in safe
In this case it did not help as the seed, that's how they call their private key, was generated online by malicious sites they promoted in their forum, as their own client did not have the functionality to create such. And there was no authorization like a password built in at all. I wrote that already, major design flaw in IOTA.