Just checked my mail and received ransom attempt to expose me,
wanted me to pay 1700 USD in lite coin lol...

then i got curious and checked my account login attempt, welp, they tried to bruteforce login
just dont be lazy and enable password -less sign in now,

not much action needs to be done
If I login and check I also see plenty of these

I've received 3 of those ransom emails recently, all the same
just ignore and delete
and yes, it contains an old password of mine that was leaked in a data breach

they're probably trying with that, but as long as you change to a new password it's fine

also, they didn't really send from your own email address, they just spoofed it, if you use an email client that lets you see headers, you can see the pathway it took and the real source

I saw this video where if your breach contains address and phone number, they even put that in and take an "image" of your house (via google street view)
https://www.youtube.com/watch?v=v_ZLbP9unZs

My google and other account was free from brute force login,

funny thing is, this is microsoft account and they try to use my gmail alias to login...

Microsoft account all turned off password login,
then google/Meta all use long password plus mfa, so far no break in detected.

either same person with VPN trying to log in or different person around the world trying do to the same.

I had my debit cards details leaked, 3 of them, some using to buy facebook ads, then uber in Jakarta, luckily my bank just waived the charges because the amount was low, they simply cancel the card and send new one

my Grab card one is the worst, one occasion got people tried to buy something in Australia, around 130 AUD, then at US for 200 USD...
First time failed due to low credit, second time grab called me to make sure im in Singapore instead of US.

hacker will just sell the card details/accounts online to earn money

For those accounts that allow you to enable MFA, better to enable MFA rather using normal password or password-less login.