I’ve recently stumbled upon this “haveibeenpwned” website, which allows you to check against the exposed password database. To my shock, my commonly used password has been exposed 10 times! Though, I have never received such warning through e-mail.
Here is the website to check it out yourself: https://haveibeenpwned.com/Passwords
By the way, you can also check your e-mail address if it’s already exposed in the homepage.