Run this script to see if a generated sha-1 of a password has appeared in a data breach. The query sends the first 5 characters of the hashed value to the haveibeenpwned.com database, so the request should be considered safe and anonymous, and user input is not echoed to the screen when typed in.
To check if an email account is at risk, go to haveibeenpwned for more info.