Chrome sends a hash of your ID and password to Google. Google maintains a list of known compromised ID and passwords pairs. If the hashes match, then your ID & password are known to be found in the wild. So Chrome recommends you change them. It doesn't mean this site was the source of the original compromise.