I am positive that this question is in the wrong place, but I cannot find which section would be appropriate? Maybe somebody could correct this and add more relevant tags? :)
I observed a pop up today from a computer with AVG installed that stated 1 password has been "leaked" to online hacker forums (if not this exact choice of words it was something very similar)
From this I have a series of questions that all closely relate:
1) How can AVG know that a certain password has been "leaked"
2) With this information being seemingly available, why is it that the user is not informed by the provider, from which the credentials are used for, that their account is now insecure.
3) Why is there not an agency of some sort that contacts these providers to inform them that credentials have been stolen.
In summary, why is it that AVG knows certain credentials have been stolen but the providers seemingly do not?
There are databases like https://haveibeenpwned.com/Passwords which is likely used by AVG.
It's only related to the password, not to the provider. Eventually you used the password at multiple services (or someone else had the same password).
In many cases, there are only passwords publicly known, so you can't get contacted.