Do I REALLY need to change my email password when idnotify.com Dark Web Monitoring recommends?

Question

I occasionally get alerts from idnotify.com Dark Web Monitoring, such as this one:

08/31/2019  
COMPROMISED EMAIL ADDRESS
Email Addresses:    Jt***an@gmail.com
Date Found: 08/26/2019
Password *************************
Potential Site DUBSMASH.COM
Immediately change the password for the email address that was found compromised.

My thoughts:

1. My email account uses 2-factor authentication. So unless I know for sure that someone somehow learned my actual password, I don't know why I'd want to change my password every time I get one of these alerts.
2. The amount of asterisks in the "Password" in these alerts differs. Some alerts say ************************* and others say ********. I don't know if the lengths are reliable, but if the length doesn't match my real password, I wonder if that means I don't need to change it.
3. What the heck does Dubsmash have to do with anything? That app sounds only vaguely familiar. I checked my password manager and don't seem to have an entry for it.

P.S. It's not phishing. After the Equifax breach, I enrolled in their TrustedID program in Sep 2017. In Nov 2018, they gave me "this extension of free credit monitoring through IDnotify™, a part of Experian."

Answer 1

If you have not registered for Dubsmash ,ignore the alert. Please check the headers of the mail that your have received this alert from. If the source seems suspicious to you or blacklisted, ignore the alert. Request you to report the abuse activity of the source(relay server) here.

If you have signed up for the service and headers seem good follow below.

• Check if any reports/news of Dubsmash has been breached recently.
• Do advance googling to see if your account has been really breached.
• Do check about your email in sites like pastebin,doxbin, etc.

If any entries found, no harm in changing your password. But try to change password from the official site or app of Dubsmash.