If you receive notice that your email was found on the dark web and that they have your password you can go to haveibeenpwned.com for a full report on the incident. It is a reputable site that keeps track of known data breaches and exposes a way for anyone to check whether your email or password has been found in any of them. 

CompleteID is another service that uses behind the scenes to monitor if their customers information has been exposed.

Data breaches are very likely the reason for a ton of SPAM. Once your email has been exposed, very likely it already is in spammers lists and being used to send unsolicited messages.

Email accounts come with SPAM filtering which should catch most of it, but it is not infallible. SPAM messages can still make it to your inbox. When that’s the case marking those emails as SPAM should prevent them from making it to the inbox in the future.

In a similar way, bad actors can use this information to attempt and get access to accounts you may have in different places (banks, social media, email, etc) that are associated with the same email address and that sometimes use the same passwords as the ones found in the breaches. For that reason, the use of strong and unique passwords is highly recommended.

The alert you get may possibly be informing you that your information was found in one (of many) breaches, perhaps even a new one. Do not assume that your email password was part of the breach unless the service you are using confirms a password breach. Their report may indicate that passwords "may have been" exposed as part of the breach.

Most of the time when those breaches result in password exposure, is not the plain text password, but instead a hashed version of it that gets breached.

FYI: FASO does not have access to your email passwords in any way.

01122022