I think Apple uses haveibeenpwned.com
The pw manager listed three nostr keys that leaked from Damus