"Security questions" usually have answers that are based on real-life information about you such as a friend's name, pet's name, or the high school you attended. Someone who knows about you in real life has a decent chance at guessing the answers. So "security questions" actually reduce security.
Passwords should & can be unrelated to any information about you. For example, a good password is a sequence of random letters, digits, & some special characters. It has nothing to do with other information about you, so even someone who knows about you in real life couldn't guess it, unlike a "security question". (Sadly, most people use information about themselves to construct memorable passwords, but they shouldn't.)
Relevant & decent article about this:
Any hacker who managed to get account information will have been able to see your questions and answers. They could use that to take over your account.
They want you to make new ones just in the case of a hack. I already had to do the same thing.
If you received that message through an email then it is a scam.