keychain hacked

Do you have a particular question?

Terse questions can unfortunately be open to many interpretations, and can be surprisingly difficult to answer.

If the attacker possesses valid passwords, the usual recourse is to expeditiously change those passwords.

The keychain password is typically the login password, and the login password provides extensive access.

A breached admin password provides complete system-wide access.

A breached system is then untrusted, and a common recourse then involves reloading your software and apps from known-good distributions, and changing all passwords on everything; social media accounts, mail accounts, financial accounts, everything. It can slso mean re-issuing credit cards and such, if those were exposed in the breach.

If not wholesale replacement of the hardware, if the target of the breach is directly or indirectly sufficiently valuable.

If this was not a breach? If this was a question on procedures and policies and practices? Fear is a very profitable sales and marketing tool, widely used, and it’s been effective at getting more than a few folks to load their Macs with malware, and with questionable or problematic or insecure “tools.”

Using two-factor authentication substantially reduces the damage from exposed passwords, but does not always eliminate it.

Usual recommendations: encryption, secure passwords, two-factor where available, depth of backups and with some backups disconnected, a password manager, and such.

Related: Effective defenses against malware and other threats - Apple Community

What makes you think your keychain was 'hacked'?