Compromised Companies With My Email Address On File

[WORKS2016]

There's a nasty email going around using a password they hacked from another company to attempt to extort money from me. For example, I got an email stating someone accessed my account using a password that shockingly is one I've used before. So, immediately they have my attention. I happen to use a password vault so it was easy to determine where I used it and narrow down what was really going on. Turns out the password was a basic password I used years ago on a site that was irrelevant, for example, I made a one-time payment and didn't have anything else on file. Even if someone got access there was nothing that would affect me. Didn't use the password anywhere else. This company got hacked and the keychain compromised, the hackers then took my email and password and attempted to trick me into thinking my computer was hacked, they have all my data, and they wanted me to pay a ramsome. 

Not sure how legit this site is https://haveibeenpwned.com/ which claims to check if your email address was involved in a data breach which companies are involved. 

What are others using to research this? My clients are now getting this same email and it's concerning for them, for obvious reasons, and I want to give them a well-rounded answer. Not just you're fine and this is spam. Of course, I want to know this information for my ongoing research involving cybersecurity. 

Thank you.

[David H. Lipman]

It not only is legitimate but it has been discussed, in this Forum, multiple times in the past.

Known and trusted.

[WORKS2016]

Great, thank you I'll search the posts. Any other sites areas to search?