I have the more typical one email used with hundreds of passwords on many websites. haveibeenpwned is also useless for me, it will tell me that my email was compromised but not which sites or passwords. I guess I could check each password individually, hope each password is globally unique to me, and then try to match it back to the website where I used it so I can change the password.
Reread the parent post more closely. It does not tell them: A) which site nor B) which password.
The parent can log in because they have a map of site<->password. But without either the site or the password, the notification that an email address is compromised is useless.
