Reread the parent post more closely. It does not tell them: A) which site nor B) which password.
The parent can log in because they have a map of site<->password. But without either the site or the password, the notification that an email address is compromised is useless.
The parent can log in because they have a map of site<->password. But without either the site or the password, the notification that an email address is compromised is useless.