If you're using a password manager, you probably have one-time secure passwords, so the only probable way someone gets it is by stealing your password manager.
So the attacker gets access to the plaintext passwords but not the rest of the database or the ability to skip the 2FA server-side, and the site doesn't notice. Guess I can see that happening still, since the password DB is likely separate.
- Site0 leaks your password because they store it poorly.
- It's just one password, but it's still leaked.
- You have 2F in 1Password so even though it's picked up in an account list the attacker can't login.
- Weeks later you learn there was a breach.
This is the common case for most accounts and breaches. Though the sites most likely to leak are also ones unlikely to have 2F so it's not perfect.