What has caused concern to many people is that the challenge item "proves" that it is legitimate to show you a password that you used earlier. (This is often the case, but not universally so. Most copies of this junk post I received include passwords I never used.) Hopefully, the password is not the one you use since it was taken from one of the many major password violations that has happened over the past decade. To see which violations may include one of your passwords, check your address on Have I been pwned.[…]
In order to make this painful, everything in the message other than your email address and the violation password is produced. Your computer has not been hacked, there is no malware spying on your browsing, no photos of you have been uploaded to an external server, and so on. You have nothing to worry about, and you should like to mark the message as spam and continue your life.
Previously, Yahoo Says Hackers stole data of 500 million users in 201
Keep abreast of subscribing to the RSS feed for this post.