As a result of "leaked" access data, blackmail emails are sent out again and again in which people try to make you believe that they had i access to your computer and therefore know the access data.
However, if you use a separate password for each system (as we have been recommending for years), you will also know from the password on which system the data was probably leaked and you can then check with have i been pwned? or Firefox Monitor whether this is true.
In Generally, you will be able to ignore the blackmail attempt - often written with strange characters (Whαt do Ι kηow abοuτ yοu? etc.), so that it is not immediately recognized as spam by anti-spam methods (but we usually do recognize it) - but it is generally an indication that your credentials are known and if the same credentials are
If it is possible, make sure they use multi-factor authentication (MFA) - for systems that are integrated into the SSO system of TU Graz, by using the mobile phone signature.