From my point of view: (doing hacking for a living)
They can't do anything with your nickname.
To sign in they need your Google account's email address or your PTC username.
They can't make a link between your nickname and your PTC or Google account, only Niantic can.
Just a general tip on your account security:
1. It's never wrong to change you password regularly
2. If you're using Google, turn 2-step verification on within your account settings. This will require you to download the google app, or Google authenticator. When your password is hacked, they still need a second step to sign in.
In case of the Google app; you need to authenticate your phone to confirm sign in attempts.
In case of the Google authenticator app; This app requires you to scan a QR-code while setting things up. After this it will generate a new, 6-digit code every 30 seconds based on the shared key between the app and your Google account.
I'm not sure if PTC supports 2-step authentication, but if it does I imagine it will at least work with the Google authenticator app or something similar.
I hope this explanation helped you to secure your account more. It's already nice to see that you recognized you were probably about to be scammed.