Have you received any email recently which starts like this or similar:
Hello!
I have very bad news for you.
09/08/2018 – on this day I hacked your OS and got full access to your account info at system-solutions.co.uk
So, you can change the password, yes… But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
Even if your correct e-mail address has been used it is not proof that you have been hacked. In many cases the password may have been used a long time ago and is no longer in use. Importantly the question is WHAT has been hacked if anything. Even if you recognise part or a whole valid password of yours it still may not be proof that any of your internet accounts are compromised unless the e-mail and password combination is in current use.
Though this is a wakeup call – do not panic. Most importantly DO NOT REPLY to the extortionist and do not pay any ransom money. The vast majority of extortion emails are just bluff. So do mark them as SPAM.
“Credential stuffing” is an automated injection of breached username/password combinations to fraudulently gain access to user accounts. To be sure you do not want to allow this to happen to you. So, for starters, make sure NOT to use the same passwords between internet accounts. Yes, more passwords to remember. Sorry. This is important.
There is nothing wrong with tracking all your passwords and changes using a simple notebook and pen providing you keep it in a safe place. If you’re on Mac OS X then using Notes in Keychain Access is perfectly safe IF your computer login password is complex.
If you have too many passwords then use a password manager. It will make your computing life so much easier as it tracks your passwords securely across computers, tablets and phones for a small fee of course.
Now run a check on ALL your computer, email and internet accounts. You can check whether any password is compromised here:
https://haveibeenpwned.com/Passwords
This site checks your password against a list of 551,509,767 known , unique and compromised passwords (Jan 2019). If your password is on the list then change it immediately. Better be safe than sorry.