So after the incident, is it necessary to keep changing password periodically ?
I think, too often changing password also fishy. Use a strong password (alphanumeric - didn't relate to you) it's enough. Don't ever use the same password for every account. If possible, don't ever tried to register at "unknown" sites.