If some knows a password you’ve used and you have not disclised it, your computer is probably infected.
Sorry, but that is ridiculous.
Passwords harvested exist in large databases. They typically were harvested from using ‘free wifi’ sites by man-in-the-middle exploits, especially back in the early days.
Continue using those passwords without fear on sites with no monetary issue. That email wants only to scare you into doing something stupid like clicking on a link.
Just because they have a password associated with your email when you logged into yahoo does not mean that they can use it to break into your machine, duh!
I’m a retired ISP owner, started in the early 90s. But I stay up on what matters. Don’t respond to any email that you did not originate.