Yeah, I can attest to having received an almost identical email to this one on at least two separate occasions, and as suggested I also quickly made use of my password manager to be sure none of my current accounts were using the old password.
Speaking on passwords, I must recommend: https://haveibeenpwned.com/Passwords
The haveibeenpwned database itself will let you know if your email address has come up in past databreaches, but the password specific part is useful for vetting your current password choices.
