Calling that a Google data breach is a pretty big misrepresentation; keyloggers installed on user machines collected passwords typed into a number of websites, including Google's.

(disclaimer: I work for Google, have no special knowledge of the incident in question)

Then the absolute safest thing to do is never give any information to any third party for any reason.

Except that's impossible to actually implement, or manage, and makes your life so much harder for questionable benefit.