Perhaps many, but I have over 500 accounts in my password manager, yet none of have been leaked per the password exposure report (which I assume is based on the https://haveibeenpwned.com/ database).

So perhaps the problem is overblown in practice, assuming you don’t use the same password in many sites.

Realistically, how often does this happen?

Maybe find a solution when it happens.