You must have read about the data leaks that took place over the past two or three years: LinkedIn, Yahoo, Facebook and many, many others lost customer data to hackers and made the press as a result.
Some enterprising person collated all those stolen databases and put them together in something dubbed Collection 1. It’s a folder with 12,000 files, weighing 87GB and has email addresses and passwords for 770 MILLION people. It probably has yours.
There’s an easy way to check: go to https://haveibeenpwned.com/Passwords and enter your passwords to find out whether they have already been listed somewhere or not.
It is safe to do so, because all you are entering is the password, not your login details.
However, if that password has been listed before, you ought to change it, and never use it again.