Could your password be at risk in new scam?

PHILADELPHIA (WTXF) - Imagine getting an email that someone knows your password. It's the kind of threat most of us now roll our eyes at, but this one was different.

"An email came across that said my name and my password in the subject," PCs security expert Anthony Mongeluzo said.

The email claimed someone hacked into his computer and will share something about embarrassing about him if he didn't pay $2,900. His password was right there on the subject line. It was outdated, but still, someone had it. Good thing Anthony is in the business of computer security and knew it came from a former security breach.

"One of the biggest hacks was LinkedIn from a few years ago and my guess--I can't say for certain-- that this password that they gathered from me was from LinkedIn," he said.

Some of the biggest companies have been breached over the years, meaning passwords are out there. And with them, scammers claiming to also have embarrassing information, which they do not.

Is your email at risk?

The website haveIbeenpwned.com will tell you. We found Roger randomly, and asked him for his email address. Turns out, it may have been included in ten past breaches. Now what?

"Change your password. But the problem is, it's momentum, I've had this password for most every account I've had for how long, and you kinda hate to do that, but obviously I better do that," he said.

Anthony says never use the same password on multiple sites and if possible, use 2-factor authentication where any log-in attempt first sends a you a text message.

And remember:

"If you see a password that someone sent to you that's on any website, you need to change it immediately," Anthony said.

Has your email been part of a security breach? If you want to find out, click here.