One of those many data leaks over the last few years, involving plaintext passwords, must have included the lame password I used to use, back when the Web was new, for sites where security didn't matter much. (Anything that involves commerce gets a strong, unique password; that's been my policy since e-commerce was first a thing.)
Just got a scam e-mail:
I will directly come to the point. I am aware ******* is your password. Moreover, I do know about your secret and I've evidence of it. You do not know me personally and nobody paid me to examine you.
It is just your hard luck that I discovered your bad deeds. Let me tell you, I installed a malware on the adult video clips (sexually graphic) and you visited this site to experience fun (you know what I mean). When you were busy watching videos, your internet browser started working as a Rdp (Remote control desktop) with a keylogger which provided me with accessibility to your display and also cam. Just after that, my software collected every one of your contacts from fb, and e-mail.
Next, I put in much more hours than I should've looking into your life and made a double-screen video. First part displays the recording you had been watching and other part shows the view from your web camera (its you doing dirty things).
For starters, I've never used that particular password on a porn site. I've never logged into a porn site. Try a little harder next time.
Your RDP doesn't work on my configuration.
And my webcam? Is unplugged except when I'm actually on a videoconference. Which is hardly ever.
But... my old lame password is indeed compromised. So now I gotta run down all the sites where I've used it (such as are still in existence), and change my password, lest someone impersonate me in a comment section, or download free software in my name.