Yes. That is a thing. If the password you are using is detected in a data leak Apple will let you know.
It means that a password you are using with a specific website was part of a data leak at some point. It does not mean your specific password has been used to access whatever website or service it was associated with in the leak however, just that it was part of the leaked data.
The recommendation is to update the password to one that has not been used before.
Link-> Passwords & Privacy - Apple Support
...Your device may also inform you of passwords that may have been compromised in a data breach. This feature uses strong cryptographic techniques to regularly check derivations of your passwords against a list of breached passwords in a secure and private way that doesn’t reveal to Apple your accounts or passwords. Apple will send to your device a list of common passwords that are present in data breaches. For your passwords that are not in this list, your device will send information calculated from your passwords to Apple to check if the passwords may be present in a data breach. You will be warned about your passwords determined to possibly be in a data breach. Your actual passwords are never shared with Apple, and Apple does not store the information calculated from your passwords. You can disable this feature at any time by going to Settings > Passwords > Security Recommendations.