It may not be a pop-up scam. A few browsers (Mozilla Firefox for one) have the ability to search for common passwords that have appeared in data breaches.
Trust me, if you're using a word-based password (eg: eucalyptus23) then it will have been leaked in a breach somewhere. You're better off using a pass-phrase of 3 or 4 words (eg: YourCatSmellsBad) or a password manager such as 1password, LastPass or BitWarden to generate and store massive and complicated passwords for you.
You can always drop your email address into Troy Hunt's excellent "Have I Been Pwned" search engine and see if your email address has been involved in a breach.
You can search a huge database they maintain to find if your email or passwords have been released in data breaches. They will also tell you what company released you info.
