He actually got your password somehow. I mean, he probably got that from other scam websites, or probably it was the scam website that sent that email. I do manage my passwords in a notebook to avoid this. I put a different password on different accounts and different websites; same as you do, I do this exclusively on important websites. I don't even know the password of some of my accounts, so I need my notebook to look at it most of the time. Sometimes it's a hassle doing that, but it helps secure my accounts.
I mean, you would really send this kind of amount of money to someone if they really have a sensitive file I might just accept that it's already on the internet; doing transactions with someone like him would just lead to more for sure.
Re: Don't use your bitcoin talk account password on other websites

You can check this thread on how to make a strong password as well as using the same password on the same websites.