best response confirmed by jlouden (Occasional Contributor)

As explained before, this is an Azure AD Identity Protection detection, not an MCAS one.
I don't think AAD exposes the exact location on the Dark Web where they identify those credentials. You can open a support request for AAD to confirm if you want to.

Best regards