There is a site that allows you to check if you have an account that has been compromised in a data breach. It is a real eye opener.
https://haveibeenpwned.com/You can check email addressed and also passwords (to help to pick a less common one).
https://haveibeenpwned.com/PasswordsI discovered this site after I had been sent a mass mailing where the "sender" advised me that they had a recording made of me watching something that I should not have been watching. Included in the email was a password that closely resembled the one that I was actually using at the time.
They said that they were able to remote control my system, and that if I did not send them an outrageous amount of Bitcoin within a certain time period that they would release the video to everyone in my mailing list.
I was not too concerned about the threat. I only have dial-up, so I do not have the bandwidth to make videos watchable. My webcam has tape over it, and I could not afford to send them the Bitcoin (or how to do it) even if I wanted to comply. I decided to "let it fly"...let them do their worst...it didn't matter. (They eventually sent a "reminder", advising me that they had not seen any response. No kidding. They gave up, but I have seen similar messages occasionally. Huge scam.
What I WAS concerned about was that they obviously had my e-mail address; and also a password that was too close for comfort.
I researched this and discovered that these addresses and passwords came from several breaches of databases where my info was stored. (Evite, Linkedin, Adobe, MyHeritage) I would likely have been involved in the Target Stores breach and Marriott Hotels if I had been a customer). Because accounts are breached every day I keep my online accounts to a bare minimum. The owners can be trusted, but the employees/third party users often cannot. (The Target breach was caused by one of their contractors being careless with Target's Point of Sale systems).
If you should happen to receive one of these "I saw you" letters (What are you doing watching those dirty movies") disregard it, and report it to your service provider. It's a hoax...the addresses likely came from a security breach...and they don't know you. BUT they may have your password. They have NO WAY to make their threat come true, but they want to to "worry" so that they can relieve you of your money, credit card number, and other personal info.
Change your password regularly, pay close attention to your financial statements, and otherwise "be careful". These criminals are VERY tricky, but not necessarily smart, and they are counting on their belief that you are not as smart as them. I KNOW that you are "smarter".