I hope this is the right place to ask. Sorry if it isn’t.

So my brother got the typical ‘scam’ e-mail. The e-mail has the correct password of my brother and all the ‘‘I have access to everything, photos etc…’’. Now i get that this is probably a breach and his data may have once been leaked which is true because I checked it on https://haveibeenpwned.com/ . BUT here is the catch. His e-mail account, league of legends account, snapchat, old instagram account and battle.net account all got hacked. We can’t manage to login anymore and the password/username and even e-mail all got changed since we don’t get the login verification codes anymore to the e-mail he used (we were able to recover my brothers e-mail account with his backup e-mail account and we resetted the password instantly, we also saw here that there were successful login attempts into his e-mail account). We also have contacted Riot Games already since this is the only important one for him and hopefully we get that account back. We are also busy transferring every important account to a new e-mail account who we have secured in all possible ways. Now i know those e-mails are 99% a scam but since my brother actually got hacked on some accounts and even the one he uses daily (league of legends) I’m kinda scared the ‘scam’ e-mail may actually be true or is it bad timing? Can someone enlighten and help us please. My brother is panicking.