Total scam, without a doubt. I got a similar email. They basically are able to get hold of a password that you used on at least one site that was compromised at one time in the past, and use the fact that they have that password to make you think they know more and have more than they do. I’d trash the email. Don’t respond. However, I would go ahead and change my passwords, and don’t repeat them site to site.