Ok ... so I think false preconceptions are polluting this topic. Apart from the passwords, nothing serious has happened here for your data. As for the DMs ... yea there aren't DMs with any real privacy on the fediverse, they don't exist ... you should presume DMs are public.
Because the fediverse is not in any way private. For a good treatment of this, see: https://blog.bloonface.com/2023/07/04/the-fediverse-is-a-privacy-nightmare/
The basic story is that the fediverse is all about duplicating what we post all over the place ... essentially to anyone who decides to run a server on the fediverse. The FBI could (and probably do?) have a server scooping up all sorts of stuff onto their server and you wouldn't know about it and probably couldn't do much about it. Google is scraping Mastodon (and probably Lemmy?) ... try a Google search for Mastodon content.
This is all public internet stuff, you're basically running a public blog that happens to be well connected to lots of other public blogs.
As nice as the fediverse is as a nice anti-capitalist-big-corp monopolisation of our social online lives ... it is very much born out of the web2.0 era and doesn't have any of the privacy concerns many of us would now hope for from technologies.
I've argued this elsewhere ... I like the fediverse and am here out of principle ... but in many ways it highlights some of the failings of our world at this time ... because it's about 10 years too late and the future is coming in hot and fast ... in retrospect I wouldn't be surprised if it will make a lot of sense to look back on the fediverse and think that it was effectively redundant at just about the time it gained popularity. An AI-dominated internet with massive privacy concerns is here very soon, and the fediverse isn't ready IMO, it's still trying to catch up to web2.0 big social circa 2010.