It may be confusing to see the description in the Breach Monitor of a username and password associated with a domain or site you have entered to be monitored. The following is an explanation of what this means.
 
When Jenny logged into www.somereallybigshoppingsite.com at some stage (usually within the last month if its a domain previously monitored, therefore not a new term) the computer\device that was used to access that site had RedLine malware on it.

Redline is a nasty piece of work in that it takes user credentials stored in the browser and logs them in the cloud, these large collections of user credentials are aggregated and published\sold on the dark web.
 
Some of the credentials that are obtained are from smarter malware as well as sources that are not from systems infected with malware.

We don't publish the full password as this could further compromise the security of these systems. 
 
To understand what Redline is and an example of other credential stealing\logging malware go to this article.