Always use unique passwords for every site!
This recent spam attack was most likely the result of one of the myriad database compromises that happen every month. The bad actors used a large database of email addresses and password to send a threatening form letter containing the password in clear text to try and scare the recipients into sending them $3k in Bitcoin. While it is impossible to completely prevent password databases from being compromised, we can mitigate the potential damage by using unique passwords for each site.
Password strength strategies - The following comic outlines far better than I could the current best practices for password creation:
Long story short, using clever character replacements is no longer beneficial; as cracking software does that too. Using four random words is much harder for cracking software to guess.
Lastly I would like to promote the use of password managers. Not only do they help you stay organized and limit the amounts of passwords you have to remember, but they are also great at generating secure passwords with the click of a button. I personally use Keepass, but there are many popular and secure options. Using a password manager makes it tenable to use a unique password for every site. The HE IT team would be happy to help you get started with a password manager, just let us know when.