I have received one of those blackmail/extortion emails claiming having hacked me and asking for payment or... It displayed as proof the email and password uniquely used for a Sociamonials account that was refunded and no longer active.

However it appears you still have the email in your system, although I can't login and reset psw does not work although it does sent a reset link to the email - hence proof that the email is still in the system. I'd recommend removing completely those refunded accounts as they are inaccessible anyway.

However, the main thing you should be looking into is where the email/passwords leak is at.

And for *** sake, don't store plain passwords, use hashing !!!!!

Cheers!