You make a very important point and I hadn't picked up on that.
Definitely, sometimes when you get a notification saying a password has been compromised it's a scam.
Same as when you get a pop-up saying your mac is full of malware. There was one someone posted here that looked very much like a scam
Similarly, be careful checking passwords. I think 'Have I been Pawned' is ok but there are sites that are collecting them so you may actually be giving them away when you enter them to be tested.
If your machine is compromised and has a keylogger installed, then changing your password will only give the baddies your new password so you need to occasionally run some anti-malware and Malwarebytes is respectable for the mac. You can run it for free.
So if you are getting notifications make sure they are really from Apple and you can do that by the following:
If you are on the phone then got to Settings>passwords and security alerts can be found there. (settings is the gearwheel if you aren't sure)
If you are on the mac then in Safari, on the 'Safari' tab on the top left address bar go preferences>passwords and you'll find a triangle next to any passwords they are flagging you about. which will give you more info when you click on it.
These Apple ones you can be sure of .
People should really use Keychain and allow it to generate strong, unique passwords.
Or a password manager if you want to use iOS and Android or Mac and Windows or if you want to use another browser other than Safari.
People worry about storing passwords in the cloud like in Keychain or a password manager, but if you have used them to log into something on the net then they are all out there stored in cyberspace anyway.
Where they are stored is less important than how difficult they are to get into and the sort of encryption and security Apple and the likes of Dashlane and 1password put into it is far greater than for the guy selling dogfood online working out of a broom cupboard, your dentist or even your lawyer!
Best wishes and thanks for the nice reply.