I found the same message after I purchased 2 TB of iCloud storage, coincided with update. I had 443 alerts under Settings-Passwords listing every single account with a Safari memorized password. Apple support tech looked at his own phone and found similar messages specifically stating "This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately." He was alarmed and promised
Apple Security and Privacy Department would call me about 4 days later, which they did not do. Called again yesterday and spent another hour on the phone, meticulous notes by tech, promising a phone call this morning which again did not occur. Called apple again, got connected to Security and Privacy at last, and technician who had no time to review the notes on the account, played it down like it's a generic alert that I could turn off if it bothered me. The wording is too specific to be nothing. What else could this be but an iCloud leak? Or are the Apple engineers that loose with the English language?