Check password


Information

Check whether a password has been pwned (listed in other security breaches). See haveibeenpwned.com/API/v2

In order to protect the value of the source password being searched for, the Pwned Password service implements a k-Anonymity model that allows a password to be searched for by partial hash.

The entered password is hashed, and only the first 5 characters of the SHA-1 password hash (not case-sensitive) are passed to the API. When a password hash with the same first 5 characters is found in the Pwned Passwords repository, the API responds with an HTTP 200 and includes the suffix of every hash beginning with the specified prefix, followed by a count of how many times it appears in the data set. The app then searches the results of the response for the presence of the source hash; if it is not found, the password does not exist in the data set. If it is found, the number of times it has been exposed is displayed.

ASP.Net Core 2.0 github