I think if one is seriously concerned about opsec, they should pull the plug on everything and start all over. 

Then, as a genral rule, treat everything as if it’s compromised.

This is also coming from someone with bad opsec. My paranoia can only go so far.