Yep, thats the blogpost from the owner of haveibeenpwnd regarding the email OP received.

OP, it seems like you have or had malware on one or more of your devices that has been logging all of your credentials to any services you signed into on the infected devices with the email address provided in the screenshot you shared.

we’re talking about the logs created by malware running on infected machines. You know that game cheat you downloaded? Or that crack for the pirated software product? Or the video of your colleague doing something that sounded crazy but you thought you’d better download and run that executable program showing it just to be sure? That’s just a few different ways you end up with malware on your machine that then watches what you’re doing and logs it.

These logs all came from the same person and each time the poor bloke visited a website and logged in, the malware snared the URL, his email address and his password.

I would suggest running a malware scan on devices you use to log in with that email.

On a secure device, you should change the passwords for each service that you use that email with.

If 2FA is already enabled on any of these accounts, then it should be safe and I would ensure the device is not infected before changing the passwords or else the passwords will be stolen again when you sign in on the infected device.

It is likely any other accounts that were signed into on the infected device have had their credentials stolen too, you may not have those email addresses set up to receive this notification. Also you should notify anyone else who has used the infected device that their credentials were likely stolen too.

You can check if other emails have been comprised using https://haveibeenpwned.com/ and you can also check if passwords have been comprised there too.

deleted by creator