And as far as I remember: only a hash of your password is sent. So, if the hash you sent matches something on their powned list, they’ll tell you. If it’s not on their list, then it is just a meaningless hash (your personal information was not exposed)
They have an API for checking passwords I believe
And as far as I remember: only a hash of your password is sent. So, if the hash you sent matches something on their powned list, they’ll tell you. If it’s not on their list, then it is just a meaningless hash (your personal information was not exposed)