I’ve recently stumbled upon this “haveibeenpwned” website, which allows you to check against the exposed password database.  To my shock, my commonly used password has been exposed 10 times!  Though, I have never received such warning through e-mail.

Here is the website to check it out yourself: https://haveibeenpwned.com/Passwords

By the way, you can also check your e-mail address if it’s already exposed in the homepage.