Found my password online in some kind of data breach for FABO.

This is possible. And not from any sort of breach on the site's part. But using same password that is used on a site that was breached. This is BY FAR the more likely scenario.

There are login Bots that can check thousands of sites from one login breach recorded in "Dark web" corners. So once again. It's HIGHLY recommended to change passwords periodically. And use different passwords for different accounts. There are many programs that can be used to store passwords "Encrypted" either locally on your system or cloud based. I like KeePass myself. And keep that password storage application version patched and up to date. Because yes, there can be discoveries of vulnerabilities to any application.