notice of compromised passwords

Are you saying the notification is really just a password strength warning?

No.

They make it appear his whole digital existence has been leaked!

The password was found in a data leak. It doesn't mean that his account that used that password was found in the data leak. Just the same password he is using was found.

I don't know what Hoopla is, but all the rest I don't imagine even store your password. No website should ever store the text of your password. They should store some form of salted hash of the password from which the actual password cannot be recovered. If you ever use a site that will offer to recover your lost password, you should never do anything with that site.

It's valid.

All it is telling you is you have a password that matches those found in some data leak somewhere. It doesn't mean that your specific username and that password were found.

But, that list of leaked passwords will find its way to the list of known passwords to use in a dictionary attack (brute force).

It is essentially advising you that the password may not be very strong anymore.

This just happened to my dad on his iPhone. It mentions over a dozen accounts with probably 3-5 unique passwords between them all. Everything from PayPal, Venmo, credit cards, to Toast and Hoopla.

Are you saying the notification is really just a password strength warning? They make it appear his whole digital existence has been leaked!

Thanks for your help!