Many major companies have had their databases hacked and info stolen (eg Adobe, various banks and credit companies, govt agencies).
How do you know if you are on a hacked list that is now public?
We have found a site that checks against the main known hacked lists and tells you if you are on them.
The site is https://haveibeenpwned.com/
As far as I can see from checking and reading about it, it is a safe site to use but make your own decision (we checked it and we are there for the Adobe hacked list – we have registered Adobe products previously).