At various times various people and groups have tried an extortion scam that claims to have pictures or video of the user, naked. (This new analysis comes to us, ironically, courtesy of Naked Security, an arm of Sophos.)
This time around they claim to have proof that they have access to your machine, because they have, and tell you, your password. This group appears to have access to one of the myriad password troves that are littered around the Internet, so they may have access to your password. If you use the same one everywhere. And if you haven't changed it in the past several years.
Of course, nobody uses the same password everywhere, right? Well, one of the things we learned from the Ashley Madison debacle was that there are an awful lot of people in responsible positions, who do use the same email and password for work and visiting sex sites ...
(This reminds me of the various CISSP holders, over the years, who have discovered the cissp.txt file, and were horrified to discover that they were in it! It was an old file that someone had scraped off the ISC2 site, when it had a member directory, and was reposted at various times over the years. You can find more details in the CISSPforum FAQ, section 4.4.)
That is actually a pretty good trick. Even if they report an old password for the wrong account, one would likely believe them. After all, they could have snagged the pix a while ago, or from a cloud backup of my documents/pix.
Of course, the bigger problem for them is that even my old passwords are something like "PST9hJcP4rJas4ctMnJ0e1Q#CJTVQVV", which are very unlikely to show up in a password trove.